Alexander Garcia
5+ years building and scaling the authentication and identity infrastructure that serves millions of Veterans and their families
Alexander Garcia is a hands-on Front-End Web Developer who crafts functional user interfaces.
Lead Frontend Engineer
Aug 2020 - Oct 2025
Department of Veterans Affairs, OCTO Identity Team
Veterans and families authenticated through my code over five years
Veterans accepted ToU through the System of Record I built
20 apps using the Unified Sign-in Page that I architected and built
Commits across Department of Veterans Affairs GitHub repositories
Sign-in redirects eliminated through OAuth 2.0 implementation
Hours maintaining critical authentication infrastructure and fixing issues
For five years, I served on the OCTO Identity team at VA.gov, responsible for the authentication, authorization, and identity verification systems that millions of Veterans and their families depend on daily. For me, this wasn't just another engineering role, because for me it's personal.
I'm also a Veteran, and I've seen how difficult it is for some of my Veteran friends and family members. It is a mission to modernize VA.gov's infrastructure and ensure Veterans could securely access their benefits, healthcare, and services.
From building custom OAuth 2.0 implementations to architecting unified sign-in experiences across 20+ applications, I helped transform VA.gov from a fragmented authentication landscape into a cohesive, secure, and Veteran-first platform that Veterans and their family members can depend on.
I architected and built a centralized authentication hub that serves as the single entry point for 20+ VA applications, including My HealtheVet, eBenefits, and the VA Health and Benefits mobile app. This unified approach eliminated fragmented sign-in experiences and created a consistent, trustworthy authentication flow for Veterans.
Each VA app had its own sign-in flow, creating confusion and security risks
27 redirects during sign-in created cognitive overload and poor UX
No standardized way for partner apps to integrate authentication
A single sign-in page serving 20+ apps with consistent and unified UX
Support for multiple credential types (ID.me, Login.gov, DS Logon, My HealtheVet)
Seamless integration for web, mobile, and API applications
This architecture became the foundation for all VA.gov authentication, processing over 200 million sign-ins and enabling the VA mobile app team to seamlessly transition from SAML to OAuth 2.0, complete with automatic single sign-on for WebView sessions.
When the VA needed to implement OAuth 2.0 authentication but couldn't use external dependencies due to security constraints, I built a complete OAuth 2.0 client-side SDK from scratch, including hand-writing the cryptographic libraries required for secure token handling, all while working within the constraints of Node v14.
Hand-wrote cryptographic utilities for PKCE, token validation, and secure session management without external dependencies
Implemented complete OAuth 2.0 authorization code flow with PKCE extension from official RFC 7636 specifications
Created authentication broker selector supporting both OAuth 2.0 and legacy SAML flows
This implementation reduced sign-in redirects from 27 to 7, dramatically improving user experience while maintaining security standards. The cookie-based authentication broker selector I designed allowed seamless switching between OAuth 2.0 (Sign-in Service) and SAML (IBM ISAM) protocols, enabling gradual migration without disrupting existing users.
Node v14 constraints meant building crypto primitives by hand
Zero external dependencies for security compliance and speed
I designed and built the official System of Record (SOR) for all VA.gov Terms of Use acceptances, creating a centralized compliance platform that has served 6.9 million Veteran acceptances. This system ensures legal compliance while providing a seamless user experience.
Single source of truth for all online ToU acceptances and denials across VA.gov systems
Complete audit trail of acceptances with timestamps and version tracking for regulatory compliance
Streamlined acceptance flow integrated into authentication without disrupting user experience
Successfully processed 6.9M+ acceptances while maintaining high availability and data integrity
I built a comprehensive developer tooling platform to solve a critical pain point: finding and using test credentials. The Test User Dashboard automated the transformation of Markdown credential files into a searchable database, while Mocked Authentication eliminated local setup complexity entirely.
Test credentials scattered across various Markdown files
No way to search by email, user attributes, or use cases
Local setup for authentication was finicky and time-consuming for most people
Engineers, QA analysts, Designers, and Product Managers just wanted to be signed in to test their use cases
Markdown parser with searchable UI
Search by email, user attributes, or specific use cases
Mocked Authentication for instant sign-in
OAuth-based access control for dashboard security
This tooling transformed the developer experience across the entire VA.gov engineering organization. Engineers, QA testers, designers, and product owners could instantly find test users matching their exact requirements, while Mocked Authentication eliminated authentication setup entirely for local development.
I conceptualized and pitched an Auth0/Okta-style Identity Platform for VA.gov, envisioning a future where partner apps could self-service their authentication integrations. I also designed the Risk Engine concept to combat Direct Deposit fraud through real-time risk scoring and anomaly detection. Most recently, I built a Passkeys proof of concept to bring passwordless authentication to VA.gov.
Self-service STS (System-to-System) token setup
Certificate rotation management for partner apps
Auto-generated configs for credential types and assurance levels
Near real-time fraud detection for Direct Deposit changes
Risk scoring for authenticated users
Anomaly detection for account takeover prevention
Built passwordless authentication using WebAuthn standard
Demonstrated future-ready authentication without passwords
These initiatives demonstrated architectural vision beyond implementation work. The Risk Engine concept led to hiring a machine learning expert to build production fraud detection systems, while the Identity Dashboard laid groundwork for VA.gov's evolution toward a modern identity platform. Most recently, the Passkeys proof of concept showcased passwordless authentication using WebAuthn, positioning VA.gov for future adoption whenever it's ready.
Launched modern ID.me and Login.gov credentials on VA.gov and VAHB mobile app
Consulted with the mobile team to bring automatic Single Sign-On (SSO) through WebView sessions
Standardized Identity Frontend patterns across VA.gov and VA Design System
Migrated VAHB mobile app from a SAML-based broker to using OAuth 2.0 to cut down redirects
Building authentication for 200M+ users taught me that decisions made at scale have vastly different consequences. A small UX improvement or security enhancement affects millions of Veterans. Performance, reliability, and security aren't optional; they're mission-critical.
Being unable to use external dependencies forced me to deeply understand OAuth 2.0 and cryptography fundamentals. Working with Node v14 constraints taught me to build robust solutions without modern conveniences. These limitations made me a better engineer because I had to think outside the box.
The Test User Dashboard and Mocked Authentication tools demonstrated that investing in developer tooling pays massive dividends. When engineers can focus on building features instead of fighting authentication setup, everyone wins.
My most impactful work wasn't just writing code; it was architecting systems that helped both Veterans, their families AND the teams that help them. My work enabled teams across VA.gov to move faster. The Unified Sign-in Page, Identity Dashboard concept, and dual-protocol support created leverage for dozens of teams.