About GDHacker IDS
GDHacker IDS is the district's authoritative single sign-on (SSO) and identity service. It centralizes authentication for approved district applications and services to improve security, simplify access, and provide consistent audit trails.
Executive summary
This service was designed and implemented by the district Information Security Specialist to provide a standards-based, secure authentication platform for internal applications. It implements modern best practices including OAuth 2.0 / OpenID Connect, PKCE, rotating refresh tokens, and FIDO2 (passkeys) to reduce credential risk and improve user experience.
Scope & authority
This identity service is the district-authorized authentication gateway for integrated applications. Only applications approved by district IT may delegate authentication to this service. Integration and client registration are managed by the Information Security Specialist following district policies.
Service details
- Service
- Central SSO / Identity Provider (GDHacker IDS)
- Owner / Maintainer
- Information Security Specialist — YYDS (sole developer and operator of this service)
- Environment
- Production — district internal use only
- Primary technologies
- ASP.NET Core (.NET 10), Dapper, Microsoft SQL Server, FIDO2
- Standards
- OAuth 2.0, OpenID Connect, PKCE, FIDO2 / WebAuthn
- Support
- User support via Help Desk. Technical integration support by the Information Security Specialist.
Availability & change management
The service is maintained by the Information Security Specialist. Planned maintenance and configuration changes follow district change control procedures. Emergency fixes and security patches are applied as required to maintain the security and availability of the service.
Security, audit & privacy
Authentication events and administrative actions are logged for audit and incident response. Sensitive configuration and secrets must be stored in a secure vault and rotated periodically. Access to administrative functions and logs is restricted to authorized personnel under district policy.
Integration guidance
Third-party or internal applications that integrate with this service should:
- Register as an OAuth/OIDC client and follow the provided client configuration.
- Prefer PKCE for public clients and use confidential client credentials for server-side apps.
- Implement token validation and handle refresh token rotation according to the integration guide.
Credits
Developed and maintained by YYDS — Information Security Specialist (sole developer). For deployment, integration, or security questions, contact the Help Desk or YYDS.
Back to home