This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
You'll own the identity layer that powers every Lovable app — from auth flows and session management to RBAC, API keys, and multi-tenancy isolation. This is a high-trust, high-impact role at the intersection of security, product, and platform engineering, shaping how millions of end users authenticate into AI-generated applications.
Job Responsibility
Design and build the Apps Platform's identity and access management system, covering both platform-level auth (Lovable users) and app-level auth (end users of Lovable-generated apps)
Implement authentication flows: OAuth 2.0/OIDC, magic links, social login providers, MFA, and session management
Build a robust authorization model: RBAC, row-level security, API key management, and fine-grained permissions
Own multi-tenancy isolation — ensuring that user apps, data, and credentials are securely separated
Manage secrets infrastructure: secure storage, rotation, and access control for database credentials, API keys, and service tokens
Migrate identity services from the current bundled setup to a fully owned, composable identity layer without breaking user sessions
Operate auth as a production service: monitoring, alerting, incident response, and capacity planning for a system on the critical path of every request
Collaborate with the AI and product teams to ensure that generated apps get secure-by-default auth without requiring user expertise
Requirements
Deep expertise in identity and access management: OAuth 2.0, OIDC, SAML, JWT, session management, and token lifecycle
Experience building or operating auth systems at scale — ideally in a multi-tenant SaaS or PaaS context
Strong security mindset: you treat credential leakage, privilege escalation, token theft, and tenant isolation as first-class concerns
Experience with RBAC/ABAC models and row-level security in Postgres
Familiarity with identity providers and auth services (Auth0, Supabase Auth, Clerk, Firebase Auth, Keycloak, etc.)
Comfortable with TypeScript across backend services and API layers
You've migrated auth systems or transitioned between identity providers in production without breaking user sessions
Operational instincts: you think in uptime, latency percentiles, and blast radius — auth outages take down everything downstream
You’re based in Stockholm or ready to relocate - this is an on-site, 5-days-a-week role
Nice to have
Experience with secrets management tools (Vault, AWS Secrets Manager, or similar)
Background in compliance-relevant auth work (SOC 2, GDPR, HIPAA)
Familiarity with Supabase Auth internals (GoTrue) or similar open-source auth servers
Experience designing auth for AI-generated or low-code applications
Familiarity with managed cloud services (AWS, GCP) and the tradeoffs of buy-vs-build for identity infrastructure