
NexID is a universal digital identity platform, secure and GDPR-compliant, built in Rust with Axum. Users create a single account holding their personal data (name, address, payment info…) and authorize third-party applications to access it through the standard OAuth 2.1 and OpenID Connect protocols. The platform enforces PKCE on all flows, encrypts sensitive data at rest with AES-256-GCM, hashes passwords with Argon2id, and provides data export, deletion and audit logging for GDPR compliance. Choosing Rust guarantees memory safety and predictable latency on critical endpoints.
OAuth 2.1 / OpenID Connect identity provider
PKCE required on all authorization flows
AES-256-GCM encryption of data at rest
Argon2id password hashing (OWASP)
Granular consent management
GDPR compliance (data export and deletion)
Audit logging of all data access
Rate limiting and security headers
Building a trustworthy identity provider able to centralize a user's personal data and expose it to third-party applications without ever compromising security or privacy. The challenge was to correctly implement the OAuth 2.1 and OpenID Connect protocols (authorization, token exchange, userinfo, discovery, JWKS), with PKCE enforced, while guaranteeing encryption of sensitive data, GDPR compliance and predictable latency on critical authentication endpoints.
AES-256-GCM encryption, Argon2id hashing, constant-time comparisons and security headers
Implementing authorize, token, userinfo, discovery and JWKS with PKCE enforced
Data export, right to deletion, granular consents and audit logging
Leveraging Rust (no GC) for fast, deterministic authentication endpoints
Implementation in Rust with Axum, organized into clear modules, crypto (AES-256-GCM, Argon2id), database layer (sqlx + PostgreSQL), OAuth2/OIDC implementation (authorize, token, userinfo, discovery) and security middleware. PostgreSQL stores users, OAuth clients and consents; Redis handles sessions and caching. GDPR is handled end to end (JSON export, right to deletion, granular consents, audit). Rust's memory safety and an optimized release profile (LTO, panic=abort) deliver security guarantees and predictable latency.
Rust
Language
Memory-safe by design
OAuth 2.1
Protocols
+ OpenID Connect, PKCE
AES-256
Encryption
GCM at rest + Argon2id
GDPR
Compliance
Export, deletion, audit
1
Developer
Solo project
Building an identity provider from scratch requires mastering every flow and security guarantee (PKCE, rotation, redirect validation)
Working directly with AES-256-GCM and Argon2id teaches how to handle nonces, OWASP parameters and constant-time comparisons
Designing for export, deletion and consents at the data model level avoids a costly rework later
Memory safety and the absence of a GC make Rust an excellent choice for a low-latency authentication service

French platform for pet adoption, geolocated lost/found reporting and a directory of certified pet boarding facilities, built with a .NET API, PostGIS matching and web & mobile apps.

Educational implementation of a GPT-style language model, built from scratch in Rust with the Candle framework, prioritizing clarity over performance.

Complete medical questionnaire and rehabilitation management solution with microservices API, admin dashboard and mobile patient application.