case-study-extra
Case Study: Extra Card
Overview
Extra is a debit card that helps members build credit by reporting everyday purchases to the major credit bureaus. Behind that experience is a financial platform responsible for securely authenticating users, protecting sensitive financial data, and supporting a rapidly growing product.
As the company scaled, our authentication infrastructure became a bottleneck. Every authenticated request depended on a centralized API and database, limiting our ability to scale while increasing operational risk.
My Role
As a Software Engineer on the Core Platform team, I helped build a new authentication and authorization service using AWS Cognito. We introduced Cognito User Pools as the new source of truth for identity management, with the long-term goal of replacing our existing authentication infrastructure. My work included:
Designing and implementing the authentication microservice
Provisioning AWS infrastructure with CDK and TypeScript
Migrating identity management to Cognito User Pools
Supporting the transition from a monolithic authentication model toward a service-oriented architecture
The Problem
Authentication had become one of the platform's biggest architectural constraints.
Every request required a round trip through a monolithic authentication service, creating unnecessary latency and tightly coupling multiple applications to a single database. At the same time, our existing authentication solution introduced security concerns and became increasingly difficult to maintain as engineering teams grew and ownership expanded. The challenge wasn't simply replacing authentication—it was designing a foundation that could scale with both the product and the organization.
Secure Login Migration
Security improvements often introduce friction. I helped design and build a guided onboarding flow that transitioned existing members to a new authentication system while keeping the experience simple, trustworthy, and uninterrupted.
Technical Challenges
Moving authentication into its own service wasn't just an infrastructure change—it touched nearly every part of the platform. We needed to:
Preserve a seamless member experience during migration.
Improve the platform's security posture.
Reduce dependency on a centralized authentication API.
Create an architecture that multiple engineering teams could evolve independently.
By separating authentication into its own service, we reduced coupling between applications and established a more scalable identity platform for future growth.
Reflection
This project changed the way I think about software architecture. The technical challenge wasn't simply choosing AWS Cognito—it was understanding how authentication influences nearly every part of a product. Working on a platform concern like identity required balancing security, developer experience, scalability, and long-term maintainability while coordinating changes across multiple teams.