Ryan Higdon
Principal Software Engineer — Identity & Access Management
About
20+ years building and operating distributed systems at scale. For the past four years I've led Authentication & Authorization infrastructure at Elsevier, designing the IAM platform that secures enterprise healthcare applications for millions of users worldwide.
My focus is on making the secure path the easy path — building identity systems and paved roads that engineering teams actually want to use, rather than security controls imposed from the outside.
About this site
This portfolio is itself a small IAM deployment. It's built on Keycloak (OIDC/OAuth2), a Next.js frontend using NextAuth.js, and Nginx as a TLS-terminating reverse proxy — all running in Docker Compose on a VPS.
Access to content is gated by Keycloak realm roles and enforced server-side in the Next.js App Router. There are three tiers:
- Anonymous — public content (this page)
- user — self-service sign-up; unlocks resume and LinkedIn
- recruiter — manually granted; reveals contact info
Role assignment follows least privilege: new accounts get the user role by default through the realm's default-roles composite in Keycloak. The recruiter role is granted manually after establishing contact, keeping personal information off the public internet while still making it easy to share once trust is established.
The OIDC flow uses Authorization Code + PKCE. Keycloak issues signed JWTs; the access token carries the user's realm roles (the realm_access.roles claim), which NextAuth copies into the session at sign-in. The Next.js server components read the session on every request — no client-side role checks, no token storage in localStorage.
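The two pieces described above, the callback that lifts realm roles out of the Keycloak token into the session and the server-side gate that checks the session per request, as an added example in TypeScript. This is not the site's own code and not NextAuth's API surface: it mirrors the shape of NextAuth's jwt() callback (account is only present on the sign-in request) as plain functions so it runs offline. The claim path realm_access.roles and the role names user and recruiter come from Keycloak and the page; the Tier type, the helper names, the realm name "portfolio" in the sample role, and the sample token (unsigned, constructed inline) are assumptions.

```typescript
// Added example (not the site's own code). Demonstrates:
//  (1) a NextAuth-style jwt() callback copying Keycloak realm roles into the session token
//  (2) a per-request, server-side gate that a server component or route handler calls
// Assumed: the Tier names, the "portfolio" realm name, and the sample token below.

type Tier = "anonymous" | "user" | "recruiter";

// Ordered lowest to highest; a higher tier implies the lower ones.
const TIER_ORDER: Tier[] = ["anonymous", "user", "recruiter"];

interface KeycloakClaims {
  sub: string;
  exp: number; // seconds since the epoch
  realm_access?: { roles: string[] }; // Keycloak puts realm roles here
}

// What the jwt() callback persists in the NextAuth session (cookie, not localStorage).
interface SessionToken {
  sub: string;
  exp: number;
  tier: Tier;
}

function base64UrlDecode(s: string): string {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "===".slice(0, (4 - (b64.length % 4)) % 4);
  return atob(padded); // sample payloads here are ASCII; use TextDecoder for UTF-8 claims
}

// Reads the payload of a compact JWS. It does NOT verify the signature: in the real
// flow the OIDC client library has already validated the token against the realm's
// JWKS before NextAuth's callback runs. Only call this on a token from that path.
function readVerifiedPayload(jwt: string): KeycloakClaims {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(base64UrlDecode(parts[1])) as KeycloakClaims;
}

// Collapses realm roles to a tier. Roles not on the allow-list (Keycloak also assigns
// offline_access, uma_authorization and default-roles-<realm>) confer nothing.
function tierFromRoles(roles: string[]): Tier {
  let tier: Tier = "anonymous";
  for (let i = 0; i < roles.length; i++) {
    const idx = TIER_ORDER.indexOf(roles[i] as Tier);
    if (idx > TIER_ORDER.indexOf(tier)) tier = TIER_ORDER[idx];
  }
  return tier;
}

// Mirrors NextAuth's jwt({ token, account }) callback: `account` exists only on the
// sign-in request, the one time the Keycloak access token is in hand.
function jwtCallback(
  token: Partial<SessionToken>,
  account?: { access_token: string }
): SessionToken {
  if (account) {
    const claims = readVerifiedPayload(account.access_token);
    const roles = claims.realm_access ? claims.realm_access.roles : [];
    return { sub: claims.sub, exp: claims.exp, tier: tierFromRoles(roles) };
  }
  return token as SessionToken; // later requests: keep what sign-in stored
}

// The per-request server-side check. `now` is injected so expiry is testable.
function canAccess(session: SessionToken | null, required: Tier, now: number): boolean {
  if (required === "anonymous") return true;
  if (!session || session.exp <= now) return false;
  return TIER_ORDER.indexOf(session.tier) >= TIER_ORDER.indexOf(required);
}

// --- constructed sample input: unsigned, the signature segment is a placeholder ---
function sampleToken(claims: KeycloakClaims): string {
  const enc = (o: object) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc({ alg: "RS256", typ: "JWT" }) + "." + enc(claims) + ".placeholder";
}

const NOW = 1700000000;
const selfServiceSignup = jwtCallback({}, {
  access_token: sampleToken({
    sub: "1", exp: NOW + 300,
    realm_access: { roles: ["default-roles-portfolio", "offline_access", "user"] },
  }),
});
const vettedRecruiter = jwtCallback({}, {
  access_token: sampleToken({ sub: "2", exp: NOW + 300, realm_access: { roles: ["user", "recruiter"] } }),
});
const staleRecruiter: SessionToken = { sub: "2", exp: NOW - 1, tier: "recruiter" };
```

Two design points the example makes explicit. The gate is the only place a decision is made, and it runs on the server against the session, so a client cannot grant itself recruiter by editing a cookie or a React prop. And because the tier is computed once at sign-in from the access token, a recruiter role granted manually in Keycloak shows up on that user's next sign-in (or when the callback refreshes the token), which is an assumption about the refresh strategy rather than something the page states.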