Security & Authentication

Production

2024-2025

nike.net Identity Platform

Shared identity, authorization, and admin platform for nike.net applications

Project Overview

Built and operated the shared identity platform used across nike.net applications. The platform provides authentication, authorization, user-context, and credential-validation APIs, while keeping the Admin Portal, login page, and first portal page under the same platform boundary.

Challenge

Multiple nike.net applications were owned by different teams, but all of them needed one way to verify who the logged-in user is, what roles they have, which organization they belong to, and whether their credentials are valid. Operations also needed to manage users, roles, and apps under the same identity model.

Solution

Shared identity API design

Designed a shared identity API structure used by nike.net applications and the Admin Portal.

Designed OAuth 2.0 and JWT-based authentication flows
Defined one model for apps, users, roles, and organizations
Connected admin APIs plus login and portal surfaces to the same identity model
Applied centralized token validation and credential-checking rules

Authorization and operational lookup structure

Aligned role-based authorization with operational lookup APIs so admin and application behavior followed the same rules.

Exposed role and authorization validation APIs
Defined resource-level access control rules
Provided user, role, and app lookup/management APIs for operations teams
Maintained one standard model across partner and internal users

Scalable operating model

Kept the structure API-centric so the same identity model could support both new nike.net applications and internal operations growth.

Maintained a common identity baseline when onboarding new nike.net applications
Separated admin operational requirements from core API responsibilities
Clarified the boundary between authentication, authorization, and lookup functions
Preserved a clean path toward event-pipeline integration

Tech Stack

OAuth 2.0
JWT
Spring Security
RBAC
Admin / Portal
Shared Identity
Oracle / MySQL
AWS
Akamai

OAuth 2.0 / JWT-based nike.net authentication
Spring Security-backed auth and authorization services
RBAC authorization model
Admin / login / portal integration
User, role, app, and organization data stores
Operational lookup and management endpoints
Common access-control model for nike.net applications
Foundation for downstream event pipeline integration
Access-path optimization and caching

Key Results

Established a common identity foundation for nike.net applications and the Admin Portal
Structured centralized authorization validation and lookup APIs
Defined one access-control model for partner and internal operational use
Created a clean foundation for downstream identity event architecture
Reframed the work under a clearer canonical title than a generic OAuth label
Enabled operations and application identity flows to be managed under the same platform boundary

Learnings

nike.net Identity work depends as much on roles and admin operations as on token issuance
Defining the boundary between Admin Portal and API responsibilities simplifies later expansion
Canonical naming matters when the same work appears across resume and portfolio channels
Identity systems should be designed with downstream event and analytics use cases in mind
Louis Kim - Software Engineer