Digital Identity Systems on Alpine Linux
Digital identity management is crucial for modern applications and services. Learn how to implement secure, scalable identity systems on Alpine Linux using industry-standard protocols and tools! π
What are Digital Identity Systems?
Digital identity systems provide secure methods for:
- User Authentication: Verifying user identities
- Authorization: Controlling access to resources
- Single Sign-On (SSO): One login for multiple services
- Identity Federation: Sharing identities across organizations
- Multi-Factor Authentication: Enhanced security layers
Common Identity Protocols
Weβll implement several protocols:
- OAuth 2.0: Authorization framework
- OpenID Connect: Authentication layer on OAuth 2.0
- SAML 2.0: Security Assertion Markup Language
- LDAP: Lightweight Directory Access Protocol
- JWT: JSON Web Tokens for stateless authentication
Prerequisites
Before implementing identity systems:
- Alpine Linux system with root access
- Domain name with SSL certificate
- Basic understanding of authentication concepts
- Database system (PostgreSQL/MySQL)
Step 1: System Preparation
Update System and Install Dependencies
# Update Alpine Linux
sudo apk update && sudo apk upgrade
# Install essential packages
sudo apk add nginx postgresql postgresql-dev redis
sudo apk add python3 python3-dev py3-pip nodejs npm
sudo apk add openssl ca-certificates git curl wget
# Install development tools
sudo apk add build-base cmake libffi-devConfigure Database
# Initialize PostgreSQL
sudo rc-update add postgresql
sudo /etc/init.d/postgresql setup
sudo /etc/init.d/postgresql start
# Create identity database
sudo -u postgres createdb identity_system
sudo -u postgres psql -c "CREATE USER identity_user WITH PASSWORD 'secure_password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE identity_system TO identity_user;"Step 2: OAuth 2.0 Server Implementation
Install OAuth2 Server (Hydra)
# Download Ory Hydra
cd /tmp
wget https://github.com/ory/hydra/releases/download/v2.2.0/hydra_2.2.0_Linux_64bit.tar.gz
tar -xzf hydra_2.2.0_Linux_64bit.tar.gz
sudo mv hydra /usr/local/bin/
# Verify installation
hydra versionConfigure Hydra
# Create Hydra configuration directory
sudo mkdir -p /etc/hydra
sudo nano /etc/hydra/config.yamlAdd Hydra configuration:
# Hydra Configuration
serve:
public:
host: 0.0.0.0
port: 4444
admin:
host: 0.0.0.0
port: 4445
dsn: postgres://identity_user:secure_password@localhost:5432/identity_system?sslmode=disable
urls:
self:
issuer: https://auth.yourdomain.com
consent: https://auth.yourdomain.com/consent
login: https://auth.yourdomain.com/login
logout: https://auth.yourdomain.com/logout
secrets:
system:
- "your-32-character-secret-key-here!"
oidc:
subject_identifiers:
supported_types:
- pairwise
- public
pairwise:
salt: "your-salt-here"
ttl:
login_consent_request: 1h
access_token: 1h
refresh_token: 720h
id_token: 1h
auth_code: 10m
oauth2:
expose_internal_errors: false
hashers:
algorithm: bcrypt
bcrypt:
cost: 12Initialize Hydra Database
# Run database migrations
hydra migrate sql --yes postgres://identity_user:secure_password@localhost:5432/identity_system?sslmode=disable
# Create OAuth2 client
hydra clients create \
--endpoint http://localhost:4445 \
--id example-client \
--secret client-secret \
--grant-types authorization_code,refresh_token \
--response-types code \
--scope openid,offline \
--callbacks https://yourapp.com/callbackCreate Hydra Service
# Create systemd service file
sudo nano /etc/init.d/hydraAdd service script:
#!/sbin/openrc-run
name="hydra"
description="Ory Hydra OAuth2 Server"
command="/usr/local/bin/hydra"
command_args="serve all --config /etc/hydra/config.yaml"
pidfile="/var/run/hydra.pid"
command_background="yes"
depend() {
need net postgresql
}
start_pre() {
checkpath --directory --owner root:root --mode 0755 /var/run
}Start Hydra service:
sudo chmod +x /etc/init.d/hydra
sudo rc-update add hydra default
sudo rc-service hydra startStep 3: OpenID Connect Identity Provider
Install and Configure Keycloak
# Download Keycloak
cd /opt
sudo wget https://github.com/keycloak/keycloak/releases/download/22.0.1/keycloak-22.0.1.tar.gz
sudo tar -xzf keycloak-22.0.1.tar.gz
sudo mv keycloak-22.0.1 keycloak
# Create keycloak user
sudo adduser -D -s /bin/false keycloak
sudo chown -R keycloak:keycloak /opt/keycloakConfigure Keycloak Database
# Create Keycloak database
sudo -u postgres createdb keycloak
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE keycloak TO identity_user;"
# Configure Keycloak database connection
sudo nano /opt/keycloak/conf/keycloak.confAdd database configuration:
# Database configuration
db=postgres
db-username=identity_user
db-password=secure_password
db-url=jdbc:postgresql://localhost:5432/keycloak
# Hostname configuration
hostname=auth.yourdomain.com
hostname-strict=false
hostname-strict-https=false
# HTTP configuration
http-enabled=true
http-port=8080
https-port=8443
# Proxy configuration
proxy=edgeInitialize Keycloak
# Build Keycloak
cd /opt/keycloak
sudo -u keycloak bin/kc.sh build
# Create admin user
sudo -u keycloak bin/kc.sh start-dev --verbose &
sleep 30
# Create admin user via CLI
curl -X POST http://localhost:8080/admin/realms/master/users \
-H "Content-Type: application/json" \
-d '{
"username": "admin",
"email": "[email protected]",
"enabled": true,
"credentials": [{
"type": "password",
"value": "admin_password",
"temporary": false
}]
}'Create Keycloak Service
# Create service script
sudo nano /etc/init.d/keycloakAdd service configuration:
#!/sbin/openrc-run
name="keycloak"
description="Keycloak Identity and Access Management"
user="keycloak"
group="keycloak"
command="/opt/keycloak/bin/kc.sh"
command_args="start --optimized"
pidfile="/var/run/keycloak.pid"
command_background="yes"
depend() {
need net postgresql
}
start_pre() {
checkpath --directory --owner keycloak:keycloak --mode 0755 /var/run
}Enable Keycloak:
sudo chmod +x /etc/init.d/keycloak
sudo rc-update add keycloak default
sudo rc-service keycloak startStep 4: SAML 2.0 Implementation
Install SimpleSAMLphp
# Install PHP and required extensions
sudo apk add php8 php8-fpm php8-dom php8-xml php8-xmlreader
sudo apk add php8-session php8-openssl php8-mbstring
sudo apk add php8-curl php8-json php8-pdo php8-pdo_pgsql
# Download SimpleSAMLphp
cd /opt
sudo wget https://github.com/simplesamlphp/simplesamlphp/releases/download/v2.0.4/simplesamlphp-2.0.4.tar.gz
sudo tar -xzf simplesamlphp-2.0.4.tar.gz
sudo mv simplesamlphp-2.0.4 simplesamlphp
# Set permissions
sudo chown -R nginx:nginx /opt/simplesamlphpConfigure SimpleSAMLphp
# Copy default configuration
cd /opt/simplesamlphp
sudo cp config-templates/config.php config/config.php
sudo nano config/config.phpEdit configuration:
<?php
$config = [
'baseurlpath' => '/simplesaml/',
'certdir' => 'cert/',
'loggingdir' => 'log/',
'datadir' => 'data/',
'tempdir' => '/tmp/simplesaml',
'auth.adminpassword' => 'admin_secret_password',
'secretsalt' => 'your-secret-salt-here',
'technicalcontact_name' => 'Administrator',
'technicalcontact_email' => '[email protected]',
'timezone' => 'UTC',
'store.type' => 'sql',
'store.sql.dsn' => 'pgsql:host=localhost;port=5432;dbname=identity_system',
'store.sql.username' => 'identity_user',
'store.sql.password' => 'secure_password',
'session.cookie.secure' => true,
'session.cookie.samesite' => 'None',
];Configure SAML Identity Provider
# Configure SAML IdP
sudo nano /opt/simplesamlphp/metadata/saml20-idp-hosted.phpAdd IdP configuration:
<?php
$metadata['https://auth.yourdomain.com/saml'] = [
'host' => '__DEFAULT__',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'auth' => 'example-userpass',
'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
'authproc' => [
30 => 'core:LanguageAdaptor',
45 => [
'class' => 'core:StatisticsWithAttribute',
'attributename' => 'realm',
'type' => 'saml20-idp-SSO',
],
50 => 'core:AttributeLimit',
99 => 'core:LanguageAdaptor',
],
];Step 5: LDAP Authentication Backend
Install OpenLDAP
# Install OpenLDAP
sudo apk add openldap openldap-back-mdb openldap-clients
# Configure LDAP
sudo nano /etc/openldap/slapd.confAdd LDAP configuration:
# Schema includes
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
# Process ID and arguments files
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Database configuration
database mdb
suffix "dc=yourdomain,dc=com"
rootdn "cn=admin,dc=yourdomain,dc=com"
rootpw {SSHA}your-hashed-password-here
# Database directory
directory /var/lib/openldap/openldap-data
# Indices
index objectClass eq
index cn,sn,uid eq,sub
index mail eq,sub
# Access controls
access to attrs=userPassword
by self write
by anonymous auth
by * none
access to *
by self write
by * readInitialize LDAP Database
# Create LDAP directories
sudo mkdir -p /var/lib/openldap/openldap-data
sudo mkdir -p /var/run/openldap
sudo chown -R ldap:ldap /var/lib/openldap
sudo chown -R ldap:ldap /var/run/openldap
# Generate admin password
slappasswd
# Start LDAP service
sudo rc-update add slapd default
sudo rc-service slapd start
# Create base LDIF
nano base.ldifAdd base LDAP structure:
dn: dc=yourdomain,dc=com
objectClass: top
objectClass: domain
dc: yourdomain
dn: ou=people,dc=yourdomain,dc=com
objectClass: organizationalUnit
ou: people
dn: ou=groups,dc=yourdomain,dc=com
objectClass: organizationalUnit
ou: groups
dn: cn=admin,dc=yourdomain,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: admin
sn: Administrator
uid: admin
mail: [email protected]
userPassword: {SSHA}your-hashed-password-hereImport base structure:
ldapadd -x -D "cn=admin,dc=yourdomain,dc=com" -W -f base.ldifStep 6: JWT Token Management
Create JWT Service
# Create JWT service directory
mkdir -p ~/identity-services/jwt-service
cd ~/identity-services/jwt-service
# Initialize Node.js project
npm init -y
# Install dependencies
npm install express jsonwebtoken bcryptjs cors helmet
npm install dotenv express-rate-limit express-validatorImplement JWT Service
# Create JWT service
nano server.jsAdd JWT implementation:
const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');
const cors = require('cors');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const { body, validationResult } = require('express-validator');
require('dotenv').config();
const app = express();
const PORT = process.env.PORT || 3000;
const JWT_SECRET = process.env.JWT_SECRET || 'your-super-secret-key';
// Middleware
app.use(helmet());
app.use(cors());
app.use(express.json());
// Rate limiting
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100 // limit each IP to 100 requests per windowMs
});
app.use(limiter);
// In-memory user store (replace with database in production)
const users = [
{
id: 1,
username: 'admin',
email: '[email protected]',
password: '$2a$10$example.hashed.password.here'
}
];
// Authentication middleware
const authenticateToken = (req, res, next) => {
const authHeader = req.headers['authorization'];
const token = authHeader && authHeader.split(' ')[1];
if (!token) {
return res.status(401).json({ error: 'Access denied. No token provided.' });
}
jwt.verify(token, JWT_SECRET, (err, user) => {
if (err) {
return res.status(403).json({ error: 'Invalid token.' });
}
req.user = user;
next();
});
};
// Routes
app.post('/auth/login', [
body('username').isLength({ min: 3 }).trim().escape(),
body('password').isLength({ min: 6 })
], async (req, res) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
const { username, password } = req.body;
// Find user
const user = users.find(u => u.username === username);
if (!user) {
return res.status(401).json({ error: 'Invalid credentials' });
}
// Verify password
const validPassword = await bcrypt.compare(password, user.password);
if (!validPassword) {
return res.status(401).json({ error: 'Invalid credentials' });
}
// Generate tokens
const accessToken = jwt.sign(
{ id: user.id, username: user.username, email: user.email },
JWT_SECRET,
{ expiresIn: '1h' }
);
const refreshToken = jwt.sign(
{ id: user.id, type: 'refresh' },
JWT_SECRET,
{ expiresIn: '7d' }
);
res.json({
accessToken,
refreshToken,
user: {
id: user.id,
username: user.username,
email: user.email
}
});
});
app.post('/auth/refresh', (req, res) => {
const { refreshToken } = req.body;
if (!refreshToken) {
return res.status(401).json({ error: 'Refresh token required' });
}
jwt.verify(refreshToken, JWT_SECRET, (err, decoded) => {
if (err || decoded.type !== 'refresh') {
return res.status(403).json({ error: 'Invalid refresh token' });
}
const user = users.find(u => u.id === decoded.id);
if (!user) {
return res.status(403).json({ error: 'User not found' });
}
const accessToken = jwt.sign(
{ id: user.id, username: user.username, email: user.email },
JWT_SECRET,
{ expiresIn: '1h' }
);
res.json({ accessToken });
});
});
app.get('/auth/verify', authenticateToken, (req, res) => {
res.json({ valid: true, user: req.user });
});
app.get('/protected', authenticateToken, (req, res) => {
res.json({
message: 'This is a protected route',
user: req.user
});
});
app.listen(PORT, () => {
console.log(`JWT Service running on port ${PORT}`);
});Create Environment Configuration
# Create environment file
nano .envAdd configuration:
PORT=3000
JWT_SECRET=your-super-secret-jwt-key-at-least-32-characters
NODE_ENV=productionCreate JWT Service
# Create service script
sudo nano /etc/init.d/jwt-serviceAdd service configuration:
#!/sbin/openrc-run
name="jwt-service"
description="JWT Authentication Service"
user="nobody"
group="nobody"
command="/usr/bin/node"
command_args="/home/user/identity-services/jwt-service/server.js"
pidfile="/var/run/jwt-service.pid"
command_background="yes"
depend() {
need net
}
start_pre() {
cd /home/user/identity-services/jwt-service
}Step 7: Identity Federation Hub
Create Identity Federation Service
# Create federation service
mkdir -p ~/identity-services/federation-hub
cd ~/identity-services/federation-hub
# Initialize project
npm init -y
npm install express passport passport-oauth2 passport-saml
npm install passport-ldapauth session-file-store express-sessionImplement Federation Hub
# Create federation service
nano app.jsAdd federation implementation:
const express = require('express');
const session = require('express-session');
const FileStore = require('session-file-store')(session);
const passport = require('passport');
const OAuth2Strategy = require('passport-oauth2');
const SamlStrategy = require('passport-saml').Strategy;
const LdapStrategy = require('passport-ldapauth');
const app = express();
// Session configuration
app.use(session({
store: new FileStore(),
secret: 'federation-secret-key',
resave: false,
saveUninitialized: false,
cookie: { secure: false, maxAge: 3600000 }
}));
app.use(passport.initialize());
app.use(passport.session());
// Passport serialization
passport.serializeUser((user, done) => {
done(null, user);
});
passport.deserializeUser((user, done) => {
done(null, user);
});
// OAuth2 Strategy (for Hydra/Keycloak)
passport.use('oauth2', new OAuth2Strategy({
authorizationURL: 'https://auth.yourdomain.com/oauth2/auth',
tokenURL: 'https://auth.yourdomain.com/oauth2/token',
clientID: 'federation-client',
clientSecret: 'federation-secret',
callbackURL: '/auth/oauth2/callback'
}, async (accessToken, refreshToken, profile, done) => {
// Process OAuth2 user
return done(null, { provider: 'oauth2', profile, accessToken });
}));
// SAML Strategy
passport.use('saml', new SamlStrategy({
entryPoint: 'https://auth.yourdomain.com/saml/sso',
issuer: 'federation-hub',
callbackUrl: 'https://federation.yourdomain.com/auth/saml/callback',
cert: 'path/to/saml/cert.pem'
}, (profile, done) => {
return done(null, { provider: 'saml', profile });
}));
// LDAP Strategy
passport.use('ldap', new LdapStrategy({
server: {
url: 'ldap://localhost:389',
bindDN: 'cn=admin,dc=yourdomain,dc=com',
bindCredentials: 'admin_password',
searchBase: 'ou=people,dc=yourdomain,dc=com',
searchFilter: '(uid={{username}})'
}
}, (user, done) => {
return done(null, { provider: 'ldap', user });
}));
// Routes
app.get('/auth/oauth2', passport.authenticate('oauth2'));
app.get('/auth/oauth2/callback',
passport.authenticate('oauth2', { failureRedirect: '/login' }),
(req, res) => res.redirect('/dashboard')
);
app.get('/auth/saml', passport.authenticate('saml'));
app.get('/auth/saml/callback',
passport.authenticate('saml', { failureRedirect: '/login' }),
(req, res) => res.redirect('/dashboard')
);
app.post('/auth/ldap',
passport.authenticate('ldap', { failureRedirect: '/login' }),
(req, res) => res.redirect('/dashboard')
);
app.get('/dashboard', (req, res) => {
if (!req.isAuthenticated()) {
return res.redirect('/login');
}
res.json({ user: req.user, message: 'Welcome to the federation hub!' });
});
app.listen(4000, () => {
console.log('Federation Hub running on port 4000');
});Step 8: Nginx Reverse Proxy Configuration
Configure Nginx for Identity Services
# Configure Nginx
sudo nano /etc/nginx/nginx.confAdd proxy configuration:
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# OAuth2/OIDC Proxy
upstream hydra_public {
server 127.0.0.1:4444;
}
upstream hydra_admin {
server 127.0.0.1:4445;
}
upstream keycloak {
server 127.0.0.1:8080;
}
upstream jwt_service {
server 127.0.0.1:3000;
}
upstream federation_hub {
server 127.0.0.1:4000;
}
# Main identity service
server {
listen 80;
server_name auth.yourdomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name auth.yourdomain.com;
ssl_certificate /etc/ssl/certs/auth.yourdomain.com.pem;
ssl_certificate_key /etc/ssl/private/auth.yourdomain.com.key;
# OAuth2 endpoints
location /oauth2/ {
proxy_pass http://hydra_public/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Keycloak
location /realms/ {
proxy_pass http://keycloak;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# SAML endpoints
location /simplesaml/ {
root /opt/simplesamlphp/www;
index index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php8-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# JWT service
location /jwt/ {
proxy_pass http://jwt_service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# Federation hub
server {
listen 443 ssl http2;
server_name federation.yourdomain.com;
ssl_certificate /etc/ssl/certs/federation.yourdomain.com.pem;
ssl_certificate_key /etc/ssl/private/federation.yourdomain.com.key;
location / {
proxy_pass http://federation_hub;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}Step 9: Security and Monitoring
Set Up SSL Certificates
# Install certbot for Let's Encrypt
sudo apk add certbot certbot-nginx
# Generate certificates
sudo certbot --nginx -d auth.yourdomain.com
sudo certbot --nginx -d federation.yourdomain.com
# Auto-renewal
echo "0 12 * * * certbot renew --quiet" | sudo crontab -Create Security Monitoring
# Create security monitoring script
sudo nano /usr/local/bin/identity-monitor.shAdd monitoring script:
#!/bin/bash
LOG_FILE="/var/log/identity-security.log"
echo "=== Identity System Security Monitor ===" | tee -a $LOG_FILE
echo "Timestamp: $(date)" | tee -a $LOG_FILE
# Check failed login attempts
FAILED_OAUTH=$(grep "authentication failed" /var/log/nginx/access.log | tail -10 | wc -l)
if [ $FAILED_OAUTH -gt 5 ]; then
echo "WARNING: High number of OAuth authentication failures: $FAILED_OAUTH" | tee -a $LOG_FILE
fi
# Check certificate expiration
CERT_DAYS=$(openssl x509 -in /etc/ssl/certs/auth.yourdomain.com.pem -noout -dates | grep notAfter | cut -d= -f2)
echo "Certificate expires: $CERT_DAYS" | tee -a $LOG_FILE
# Check service status
for service in hydra keycloak jwt-service; do
if pgrep $service > /dev/null; then
echo "β $service: Running" | tee -a $LOG_FILE
else
echo "β $service: Not running" | tee -a $LOG_FILE
fi
done
# Database connection test
if pg_isready -h localhost -p 5432 > /dev/null; then
echo "β PostgreSQL: Connected" | tee -a $LOG_FILE
else
echo "β PostgreSQL: Connection failed" | tee -a $LOG_FILE
fi
echo "=== Monitor Complete ===" | tee -a $LOG_FILESet Up Rate Limiting and Security
# Install fail2ban
sudo apk add fail2ban
# Configure fail2ban for identity services
sudo nano /etc/fail2ban/jail.localAdd fail2ban configuration:
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5
[nginx-auth]
enabled = true
filter = nginx-auth
logpath = /var/log/nginx/access.log
maxretry = 3
bantime = 7200
[hydra-auth]
enabled = true
filter = hydra-auth
logpath = /var/log/hydra/hydra.log
maxretry = 3
bantime = 3600Conclusion
Youβve successfully implemented a comprehensive digital identity system on Alpine Linux! Your setup includes:
β OAuth 2.0 Server: Ory Hydra for authorization β OpenID Connect Provider: Keycloak for authentication β SAML 2.0 Support: SimpleSAMLphp for enterprise SSO β LDAP Integration: OpenLDAP for directory services β JWT Service: Custom token management β Identity Federation: Multi-protocol identity hub β Security Monitoring: Automated security checks β SSL/TLS Termination: Nginx reverse proxy with HTTPS
Your identity system now supports:
- Single Sign-On (SSO) across multiple applications
- Multi-factor authentication
- Identity federation across organizations
- API authentication with JWT tokens
- Enterprise directory integration
- Secure token management
Remember to:
- Regularly update all identity services
- Monitor authentication logs for suspicious activity
- Backup identity databases and configurations
- Test disaster recovery procedures
- Review and update security policies
Your digital identity system is now ready to provide secure, scalable authentication for your applications! π
Stay secure and protect your usersβ digital identities! π‘οΈ
