Case study: radiko

radiko Leverages Authlete to Implement OIDC into Japan’s Largest Radio Streaming Platform’s Identity Infrastructure

“radiko” is one of the largest radio streaming platforms in Japan. The service enables users to listen to radio and podcasts over the Internet on their smartphones, computers, smart speakers, and other devices.

Radio stations participating in radiko include all 99 radio stations affiliated with the Japan Commercial Broadcasters Association and NHK (Radio 1, NHK-FM). In addition to the free service that allows users to listen to local radio programs without registering as a member, radiko also offers paid premium plans that enable users to enjoy radio programs throughout Japan and listen to programs broadcast within the past 30 days at any time, without any restrictions.

radiko, which launched its service in 2010, now has over 8.5 million monthly users and approximately 1 million paid subscribers. radiko Co., Ltd. (radiko), which operates the radiko platform, also conducts an advertising business that provides digital audio advertising that can target each user.

In renewing its app, radiko decided to revamp and strengthen its customer identity infrastructure to improve API security for mobile apps and to increase the number of subscribers. The company adopted Authlete to achieve this goal.


Background and Challenges

radiko began considering a revamp of its customer identity infrastructure back in 2020. At the time, the infrastructure was used to manage users of paid services, but the following enhancements were needed to expand the business in the future.

  • Dealing with the renewal of the radiko app
  • Addition of free membership functions and social media login function to acquire new users
  • Expansion of member attribute data to improve the accuracy of targeted advertising
  • Compliance with standard specifications to improve security and realize identity federation with external sites
  • Implementation of in-app charging to lower the barrier to using paid services

Among the above, the company first decided to adopt OpenID Connect (OIDC) as the standard specification that its customer identity infrastructure is to comply with. Yoichi Nakamoto, Engineering Lead of the Technology Promotion Department at radiko, had this to say:

“The reason why we adopted OIDC is to improve the quality of security, as well as to reinforce collaboration between radiko and external services. By adopting a common standard, we considered that the collaboration of services can be promoted as a result of enabling the radiko ID to be used as the ID for other services.”

Yoichi Nakamoto
Engineering Lead
Technology Promotion Department
radiko Co., Ltd.

It was also expected that the adoption of the standard specification would streamline the app development and contribute to the smooth renewal of the radiko app.


Preconditions

In building an OIDC-compliant ID infrastructure, it was necessary to satisfy several requirements.

The first requirement was compliance with the OIDC specification. The OIDC Core specification was finalized in 2014. However, additional extension specifications and their application methods (practices) have appeared one after another. Understanding the trends in the development of these specifications, selecting them, and continuing to apply them to the identity infrastructure as appropriate was not easy due to high maintenance costs.

Next, it was necessary to use radiko’s existing member data infrastructure. Ryo Tanigawa, Manager of the Platform Business Department at Media Platform Lab Co., Ltd., who is in charge of planning and providing radiko’s system, looked back on the situation as follows:

“The existing member data infrastructure not only served to authenticate users but also played an important role in subscription fee management, and it was difficult to migrate it to another infrastructure.”

Ryo Tanigawa
Manager
Platform Business Department
Media Platform Lab Co., Ltd.

Development flexibility and scalability were also important. To have complete control over the user interface, such as the login screen, and to smoothly migrate from the existing member authentication infrastructure to a new OIDC-compliant authentication infrastructure, radiko wanted to adopt an architecture that can be internally developed and operated easily.


Why Authlete?

radiko decided that implementing OIDC from scratch was not realistic and considered using an external solution. The first two candidates were Identity as a Service (IDaaS), such as Auth0 or Amazon Cognito, and open source software (OSS), such as Keycloak or Hydra. Nevertheless, as a result of close examination, it became clear that neither of them could meet radiko’s expectations.

On cost in particular, IDaaS is feature-rich and can reduce developer hours, but its operational costs are high. With OSS, although there is no license fee, the costs of understanding the OSS and OIDC specifications, building the infrastructure, and continuing to operate it were expected to be a burden.

“Is there something in between IDaaS and OSS?” Tanigawa wondered. As a result of further searching for a solution, the project team came across Authlete. After a comprehensive evaluation, radiko decided to adopt Authlete. The following three points were the deciding factors in its decision:

  • Reduction of development costs: Developer hours could be reduced because comprehensive documentation and API specifications in OpenAPI format were provided, radiko’s technology stack could be used as is to develop the OIDC server, and a library for calling the Authlete API was also provided in Go, the language used by radiko.
  • Ensuring quality: For radiko, stable operation of the OIDC server that serves as the backbone of the services is essential. Authlete, which provides protocol processing and token management functions of the OIDC server, is reliable, including its service operation infrastructure. In addition, Authlete has a proven track record of keeping up with updates to the OIDC specification.
  • Flexibility of API: Authlete is a completely headless service, and the OIDC server can freely control how the API is called. By leveraging this feature, radiko can implement a “migration API” to migrate to a new OIDC-based infrastructure while maintaining the login sessions of the existing identity infrastructure.

Outcome and Future Outlook

The OIDC infrastructure development project leveraging Authlete started in November 2020. Design and development progressed simultaneously with prototyping, and implementation was completed in January 2021. Testing and production environments were subsequently built, and the new infrastructure was released in April 2021. The project continued smoothly thereafter, with the free membership features being rolled out in the same year, social media login and in-app charging in 2022, and the app being renewed in 2023. As a result of these measures, the numbers of members and listeners have both increased. The number of users using paid services is also growing.

One direct effect of introducing Authlete is improved operational stability. “With the old infrastructure, we had issues with instability, such as users being automatically logged out when access was heavy, but introducing Authlete dramatically improved the situation,” said Tanigawa. Nakamoto added, “Because we can leave it to Authlete to comply with security specifications such as OIDC, we can now speed up the cycle of internally developing and providing new services and new functions.”

Furthermore, Authlete’s continuous functional enhancements are contributing to ongoing improvements and increased operational efficiency. In dealing with sudden increases in access, “Authlete’s on-demand scaling API, which allows checking authority information using JWT-format access tokens and adjusting the processing performance of the Authlete service depending on the load status, has been useful,” said Hokuto Shimogishi, Manager of the Streaming Business Department at NTT SmartConnect Corporation, who is in charge of operating radiko’s system.

Hokuto Shimogishi
Manager
Streaming Business Department
NTT SmartConnect Corporation

In addition, Tanigawa said, “When we requested the expansion of the functionality of the token introspection API, Authlete not only created the API but also implemented a client library in the Go language in just half a day. We were impressed.” He added that one of the benefits of adopting Authlete is the speed with which the company can provide features that reflect the requests of multiple clients, including radiko.

“We hope to continue deepening our relationships with users, primarily through the OIDC infrastructure, while also promoting identity federation with partner companies and increasing the added value of the overall service,” said Nakamoto. radiko has high hopes for the OIDC infrastructure to help further evolve its customer identity infrastructure.