On Friday before my winter break, we had a hack day at Zemanta. My hack day project was authentication-facade which aims to be a simple proxy to internal applications with authentication implemented through Google OAuth service. The problem I was trying to solve with authentication-facade is providing access to internal dashboard to our American colleagues without the need for virtual private network (VPN) which is a potential security issue and is non-trivial to set up. Furhermore, many public wireless networks limit traffic to port 80, thus limiting VPN service and preventing me from checking the health of Zemanta's system from my favorite vacation spots. The authentication-facade is composed of two main components. The first component implements authentication of authorized users using Google OAuth protocol. The second component is a proxy/bridge to internal applications by selectively exposing public URLs for resources only available internally. Requiring an explicit mapping for every internal resource that we want to expose makes for some extra work, but it also makes the authentication-facade much more secure.