Authentication Flow Engine

Compass

Key capabilities

Flow Recording

Each authentication request creates a CompassFlow — a complete record from first request to token issuance or failure.

Step-Level Detail

7 step types tracked individually: authorize, credential validation, MFA, token exchange, IdP redirect/callback, and finalize.

Per-Step Timings

Every step records its duration in milliseconds. Spot slow Argon2 rounds, external IdP latency, or database bottlenecks.

Rich Error Context

Failures include machine-readable error codes and human-readable messages — not just a 401.

Zero Overhead Off

When disabled, the FlowRecorder short-circuits immediately — no channels, no writes, no allocations.

Queryable

Query flows by user, client, grant type, status, or time range through the admin API.

How it works

1. Flow created

Authentication request arrives. Compass creates a flow with realm, client, grant type, IP, and user agent.

2. Steps recorded

Each phase of authentication — authorize, credential check, MFA, token exchange — is recorded with timing and outcome.

3. User identified

After successful credential validation, the user ID is attached to the flow, linking it for future queries.

4. Flow completed

Authentication finishes. The flow is marked success, failure, or expired with total duration in milliseconds.
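The lifecycle above, sketched as an added example; this is not Compass's code or API. All class, field and method names are assumptions, and the clock is injectable so that step timings can be checked deterministically.

```python
import time
from contextlib import contextmanager
from dataclasses import dataclass, field

class AuthError(Exception):  # hypothetical: machine-readable code + message
    def __init__(self, code, message):
        super().__init__(message)
        self.code = code

@dataclass
class Flow:  # field names are assumptions, not Compass's schema
    realm: str
    client: str
    grant_type: str
    ip: str
    user_agent: str
    started: float = 0.0
    user_id: str = ""        # set once credential validation succeeds
    status: str = "pending"  # later "success", "failure" or "expired"
    duration_ms: int = 0
    steps: list = field(default_factory=list)

class Recorder:
    def __init__(self, enabled=True, clock=time.monotonic):
        self.enabled, self.clock = enabled, clock

    def start(self, **meta):
        # Disabled: hand back None so every later call is a no-op.
        return Flow(started=self.clock(), **meta) if self.enabled else None

    @contextmanager
    def step(self, flow, step_type):
        if flow is None:  # recording is off, just run the step
            yield
            return
        t0, entry = self.clock(), {"type": step_type, "outcome": "success"}
        try:
            yield
        except AuthError as e:  # keep the error context, then re-raise
            entry.update(outcome="failure", error_code=e.code, message=str(e))
            raise
        finally:  # the duration is recorded on success and on failure
            entry["duration_ms"] = round((self.clock() - t0) * 1000)
            flow.steps.append(entry)

    def complete(self, flow, status):
        if flow is not None:
            flow.status = status
            flow.duration_ms = round((self.clock() - flow.started) * 1000)
```

Wrap each authentication phase in `with recorder.step(flow, "mfa"):` and call `complete` once at the end; the slowest phase is then `max(flow.steps, key=lambda s: s["duration_ms"])`.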

Ready to use Compass?

Full reference, configuration options, and examples in the documentation.
