Security — Libermall ID

Two-factor auth

TOTP, WebAuthn passkeys, hardware keys (YubiKey, SoloKey)

JWT RS256

4096-bit signature, JWKS rotation every 90 days

OIDC Certified

OpenID Connect 1.0, OAuth 2.1, SAML 2.0 compatible

Audit log

12-month retention, GDPR export on request

Rate-limit

Per-IP / per-account / per-token brute-force protection

Session management

List of active devices + one-click remote revoke

Open source

Casdoor core + our UI public on github.com/LiberMall

Self-hosted

Isolated Frankfurt VPS, only ports 22/80/443 open

Disclosure policy

Found a vulnerability? Report it to security@libermall.com. Bug bounty rewards $50–$5000 depending on severity. We credit researchers publicly (with consent).

Compliance roadmap

GDPR — compliant today (export/delete on request within 30 days)
SOC 2 Type 1 — Q4 2026 (in audit)
ISO 27001 — 2027