Biometric OAuth2 Authentication Provider
Project Status: This research project has been archived in favor of FraudLens, which demonstrated stronger product-market fit and enterprise demand. The learnings from FaceAuth's security and authentication architecture inform the FraudLens security implementation.
FaceAuth was a research project exploring biometric authentication as a replacement for passwords. The hypothesis: facial recognition combined with liveness detection could provide both stronger security and better user experience than traditional credentials.
FaceAuth implemented a complete OAuth2-compliant authentication provider. Users authenticate using facial recognition via AWS Rekognition. The system includes deepfake detection, liveness checking, and enterprise-grade security patterns. All interactions are secured with JWT tokens and standard OAuth2 flows.
While FaceAuth demonstrated strong technical achievement, market research revealed limited near-term adoption. Enterprise security teams remain risk-averse with biometric authentication. FraudLens, conversely, addresses a clearly quantified problem (€20B annual fraud) with immediate ROI. This decision reflects pragmatism: building what markets need, not just what's technically interesting.
Standard OAuth2 Authorization Code Flow with biometric authentication at the credential exchange step.
AWS Rekognition provides highly accurate face matching. The system stores face embeddings for registered users and compares them against the image captured at login.
Detects spoofing attempts that use high-quality photos or deepfake videos. A confidence score indicates the likelihood that the authentication is genuine.
Challenge-response system requires users to perform actions (smile, blink, turn head) to prove a live face is present. Defeats static-image replay.
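The challenge-response liveness step described above, as an added example that is not FaceAuth's code: the server picks an unpredictable action sequence, gives the client a short window to perform it, and accepts each challenge exactly once, which is what makes a prerecorded clip useless. The action set, challenge length and time window are constructed placeholders; the page does not state FaceAuth's values.

```python
"""Added example: random challenge-response liveness (constructed, not FaceAuth's code)."""
import secrets
import time

ACTIONS = ("smile", "blink", "turn_left", "turn_right")  # constructed action vocabulary
CHALLENGE_LEN = 3        # constructed: three distinct actions per challenge
CHALLENGE_TTL_S = 20     # constructed: prompts must be completed within 20 seconds

_rng = secrets.SystemRandom()   # CSPRNG, so the sequence cannot be predicted


class LivenessChallenger:
    """Issues one-time liveness challenges and verifies the observed action sequence."""

    def __init__(self, now=time.time):
        self.now = now
        self.pending = {}   # challenge_id -> (expected actions, expiry)

    def issue(self):
        """Return (challenge_id, actions). Distinct actions in random order; a replayed
        video recorded for a previous challenge will not match this one."""
        actions = _rng.sample(ACTIONS, CHALLENGE_LEN)
        cid = secrets.token_urlsafe(16)
        self.pending[cid] = (actions, self.now() + CHALLENGE_TTL_S)
        return cid, actions

    def verify(self, cid, observed):
        """observed: the actions the frame analyser saw, in order. Returns (ok, reason)."""
        rec = self.pending.pop(cid, None)   # pop: a challenge can be answered only once
        if rec is None:
            return False, "unknown_or_replayed"
        actions, expiry = rec
        if self.now() > expiry:
            return False, "expired"
        if list(observed) != actions:
            return False, "sequence_mismatch"
        return True, "ok"
```

The single-use pop happens before any other check, so even a correct answer submitted twice is rejected; the expiry check rides on a clock injected through the constructor so that the behaviour can be tested deterministically.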
Full OAuth2 provider implementation. Compatible with any client supporting standard OAuth2 flows. Generates standards-compliant JWT tokens.
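To make the flow in the preceding paragraphs concrete, here is an added example (not FaceAuth's code) of an authorization code that is issued only when the layered biometric decision (face match + liveness + deepfake) passes, bound to the client and redirect URI, short-lived and single-use, then exchanged for an HS256 JWT. The similarity and deepfake thresholds, the signing key, the issuer URL and the shape of the liveness and deepfake results are constructed assumptions; only the Rekognition CompareFaces response shape (`FaceMatches` with `Similarity`) follows the real API.

```python
"""Added example (not FaceAuth's code): biometric gate -> OAuth2 authorization code -> JWT.
Thresholds, key and URLs are constructed placeholders."""
import base64
import hashlib
import hmac
import json
import secrets
import time

FACE_MATCH_MIN = 95.0   # constructed: minimum Rekognition CompareFaces Similarity (0-100)
DEEPFAKE_MAX = 0.20     # constructed: maximum tolerated deepfake likelihood (0-1)
CODE_TTL_S = 60         # authorization codes are short-lived and single-use
TOKEN_TTL_S = 900       # access token lifetime
SIGNING_KEY = b"constructed-demo-key-not-for-production"  # stand-in for a managed secret


def biometric_decision(compare_faces_resp, liveness_passed, deepfake_score):
    """Layered check: every layer must pass. Returns (ok, reason, similarity).
    compare_faces_resp mimics the shape of a Rekognition CompareFaces response."""
    matches = compare_faces_resp.get("FaceMatches", [])
    similarity = max((m["Similarity"] for m in matches), default=0.0)
    if similarity < FACE_MATCH_MIN:
        return False, "face_mismatch", similarity
    if not liveness_passed:
        return False, "liveness_failed", similarity
    if deepfake_score > DEEPFAKE_MAX:
        return False, "deepfake_suspected", similarity
    return True, "ok", similarity


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_sign(claims, key=SIGNING_KEY):
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def jwt_verify(token, key=SIGNING_KEY, now=None):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:   # wrong segment count, bad base64 or bad JSON
        return None
    if header.get("alg") != "HS256":   # pin the algorithm; never let the token choose it
        return None
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return None
    return claims


class AuthServer:
    """In-memory authorization server: the biometric step replaces the password check."""

    def __init__(self, now=time.time):
        self.now = now
        self.codes = {}   # code -> grant record

    def authorize(self, user_id, client_id, redirect_uri, scope, decision):
        """Authorization endpoint: issue a code only if the layered decision passed."""
        ok, reason, confidence = decision
        if not ok:
            return None, reason
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"sub": user_id, "client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": scope, "confidence": confidence,
                            "exp": self.now() + CODE_TTL_S}
        return code, "ok"

    def token(self, code, client_id, redirect_uri):
        """Token endpoint: exchange a code exactly once for a signed JWT."""
        rec = self.codes.pop(code, None)   # pop: a code can be exchanged only once
        now = self.now()
        if rec is None or rec["exp"] < now:
            return None
        if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            return None   # the code is bound to the client and redirect it was issued for
        claims = {"iss": "https://faceauth.example", "sub": rec["sub"], "aud": client_id,
                  "scope": rec["scope"], "amr": ["face", "liveness"],
                  "iat": int(now), "exp": int(now) + TOKEN_TTL_S}
        return jwt_sign(claims)
```

The `amr` claim records that the session was established by face plus liveness rather than a password, which lets downstream services apply different policy to biometric sessions; the algorithm pin in `jwt_verify` is the check most home-grown JWT code forgets.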
Complete audit trail of all authentication attempts. Logs successful logins, failed attempts, and confidence scores for security analysis.
Enterprise security patterns: CORS configuration, CSRF protection, rate limiting, secure token storage, and TLS-only communication.
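The audit trail and rate limiting described in the two preceding paragraphs, as an added example (not FaceAuth's code): each attempt is recorded with its outcome, similarity and liveness result, failed attempts feed a sliding-window lockout per user, and the records are queried for the pattern a defender most wants to see from a biometric log, a strong face match whose liveness or deepfake layer failed. The window, failure limit, similarity bar and every log line are constructed.

```python
"""Added example (not FaceAuth's code): authentication audit records, sliding-window
failure lockout, and a detection query over the records. All values are constructed."""
import json
from collections import defaultdict, deque

WINDOW_S = 300          # constructed: 5-minute sliding window
MAX_FAILURES = 5        # constructed: lock the user after 5 failures in the window
HIGH_SIMILARITY = 95.0  # constructed: what counts as a strong face match


class AuthAudit:
    """Append-only audit records plus the per-user failure counters derived from them."""

    def __init__(self):
        self.records = []
        self.failures = defaultdict(deque)   # user_id -> timestamps of failed attempts

    def record(self, ts, user_id, client_ip, outcome, similarity, liveness_ok, deepfake_score):
        event = {"ts": ts, "user_id": user_id, "client_ip": client_ip, "outcome": outcome,
                 "similarity": similarity, "liveness_ok": liveness_ok,
                 "deepfake_score": deepfake_score}
        self.records.append(event)
        if outcome != "success":
            self.failures[user_id].append(ts)
        return event

    def is_locked(self, ts, user_id):
        """True while MAX_FAILURES or more failures fall inside the trailing window."""
        q = self.failures[user_id]
        while q and q[0] <= ts - WINDOW_S:   # drop failures that have aged out
            q.popleft()
        return len(q) >= MAX_FAILURES

    def presentation_attack_indicators(self):
        """A near-perfect face match that failed liveness or tripped the deepfake layer
        points at a photo or video of the real user rather than a mistyped password."""
        return [e for e in self.records
                if e["similarity"] >= HIGH_SIMILARITY
                and (not e["liveness_ok"] or e["outcome"] == "deepfake_suspected")]

    def to_jsonl(self):
        """One JSON object per line, sorted keys: stable input for a SIEM pipeline."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.records)


def replay_constructed_log():
    """Drive the audit store with constructed attempts and return what a test can check."""
    audit = AuthAudit()
    base = 1_700_000_000
    # five rapid face mismatches for one user from one address (constructed)
    for i in range(5):
        audit.record(base + i * 10, "user-42", "203.0.113.7", "face_mismatch",
                     61.0 + i, True, 0.02)
    locked_now = audit.is_locked(base + 60, "user-42")
    locked_later = audit.is_locked(base + 60 + WINDOW_S, "user-42")   # window has slid past
    # a 99.3 similarity with failed liveness: the indicator worth an alert (constructed)
    audit.record(base + 90, "user-7", "198.51.100.3", "liveness_failed", 99.3, False, 0.04)
    return audit, locked_now, locked_later
```

Keying the lockout by user rather than by address is the choice that protects the account when attempts arrive from many sources; keying by address as well, which the page's rate-limiting bullet also implies, is a one-line addition to `record`.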
Headline metrics (only the captions survive on this page; the values are not preserved): on AWS Rekognition benchmark; photos, videos, masks; face capture to token generation; face match + liveness + deepfake.
Implementing OAuth2 from scratch taught nuances: authorization codes, token lifetimes, refresh token rotation, and scope management. Critical for understanding enterprise authentication.
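Two of the nuances named above, refresh token rotation and scope management, as an added example that is not FaceAuth's code: every refresh retires the presented token and issues a replacement in the same token family, presenting a retired token is treated as evidence that a copy was stolen and revokes the whole family, and a refresh may narrow but never widen the originally granted scope (RFC 6749 section 6). The refresh lifetime and the in-memory store are constructed.

```python
"""Added example (not FaceAuth's code): refresh token rotation with reuse detection,
plus the scope-narrowing rule. Lifetime and storage are constructed placeholders."""
import secrets
import time

REFRESH_TTL_S = 7 * 24 * 3600   # constructed: refresh tokens live one week


class RefreshTokenStore:
    """Each login starts a token family. Rotation keeps one active token per family;
    a retired token reappearing means two parties hold it, so the family is revoked."""

    def __init__(self, now=time.time):
        self.now = now
        self.tokens = {}              # token -> {"family", "sub", "exp", "active"}
        self.revoked_families = set()

    def issue(self, sub, family=None):
        family = family or secrets.token_hex(8)
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = {"family": family, "sub": sub,
                            "exp": self.now() + REFRESH_TTL_S, "active": True}
        return tok, family

    def rotate(self, presented):
        """Return (new_token, status). Any status other than 'ok' yields no token."""
        rec = self.tokens.get(presented)
        if rec is None:
            return None, "unknown"
        if rec["family"] in self.revoked_families:
            return None, "family_revoked"
        if not rec["active"]:
            # Reuse of an already-rotated token: compromise indicator. Revoke the
            # family so neither the attacker nor the stolen-from client keeps a session.
            self.revoked_families.add(rec["family"])
            for t in self.tokens.values():
                if t["family"] == rec["family"]:
                    t["active"] = False
            return None, "reuse_detected_family_revoked"
        if rec["exp"] < self.now():
            return None, "expired"
        rec["active"] = False                      # retire the presented token
        new_tok, _ = self.issue(rec["sub"], rec["family"])
        return new_tok, "ok"


def narrow_scope(granted, requested):
    """Scope management on refresh: the requested scope must be a subset of what was
    originally granted; return the narrowed scope in granted order, or None to refuse."""
    if not set(requested) <= set(granted):
        return None
    return [s for s in granted if s in requested]
```

Revoking the family on reuse costs the legitimate user one re-authentication, which with FaceAuth is a face capture rather than a password reset; that is the trade the page's point about accepting residual risk is about.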
Face embeddings, confidence scoring, and the "detect" vs "recognize" distinction. Learned that perfect accuracy is impractical—must balance false positives/negatives.
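The false-positive/false-negative balance mentioned above, worked through as an added example (not FaceAuth's code or data): similarity scores for genuine and impostor comparisons are constructed, the false accept rate (FAR) and false reject rate (FRR) are computed for each candidate threshold, and a threshold is chosen as the lowest one that keeps FAR under a target, which minimises FRR for that target. The step-up band in `decide` is a constructed policy choice, not something the page attributes to FaceAuth.

```python
"""Added example (not FaceAuth's code or data): picking a face-match threshold from
FAR/FRR on constructed similarity scores."""

# Constructed Rekognition-style similarity scores (0-100) for labelled comparison pairs.
GENUINE = [99.1, 98.7, 97.5, 96.2, 94.8, 93.1, 99.6, 97.9, 95.5, 92.0]   # same person
IMPOSTOR = [88.0, 91.5, 79.3, 85.2, 93.4, 70.1, 82.6, 90.2, 76.9, 94.1]  # different people


def error_rates(threshold, genuine, impostor):
    """FAR: impostors accepted (score >= threshold). FRR: genuine users rejected."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def pick_threshold(genuine, impostor, max_far):
    """Lowest threshold whose FAR is at or below max_far; lower threshold means fewer
    genuine rejections, so this minimises FRR subject to the FAR target."""
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = error_rates(t, genuine, impostor)
        if far <= max_far:
            return t, far, frr
    return None


def equal_error_point(genuine, impostor):
    """Threshold where FAR and FRR are closest: the usual single-number comparison point."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = error_rates(t, genuine, impostor)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


def decide(similarity, threshold, step_up_band=2.0):
    """Constructed policy: scores just under the threshold trigger an extra liveness
    challenge instead of a hard reject, trading latency for fewer false rejections."""
    if similarity >= threshold:
        return "accept"
    if similarity >= threshold - step_up_band:
        return "step_up"
    return "reject"
```

On the constructed data a zero-FAR target forces the threshold up to 94.8 and rejects two of ten genuine users; allowing one impostor in ten drops it only to 94.1 with the same FRR, which is the kind of trade-off that has to be settled per deployment rather than in the vendor's benchmark.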
Research revealed that deepfake detection is not a solved problem. Liveness detection helps but isn't foolproof. Enterprise adoption requires acceptance of residual risk.
The biggest learning: technical achievement doesn't equal market success. FaceAuth was technically sound but lacked enterprise demand. FraudLens solves a quantifiable problem—crucial difference.
FaceAuth's security-first patterns directly inform FraudLens. Multi-layered validation approach (parts + labor + phantom work + history) mirrors FaceAuth's layered authentication (face + liveness + deepfake).
Experience with AWS Rekognition made transitioning to Textract and Bedrock natural. Similar patterns for service integration, error handling, and cost optimization.
FaceAuth forced engagement with enterprise security concerns. This mindset transfers to FraudLens: GDPR compliance, data retention, audit logging, and risk assessment.
While FaceAuth is archived, the security and authentication patterns remain valuable for enterprise applications. Learn more about my approach to secure system design.