Azure Identity & Security Engineer with 10+ years building enterprise-scale authentication systems and developer platforms. Formerly at Microsoft, specializing in OAuth 2.0, OpenID Connect, Microsoft Graph, and secure cloud integrations. Certified Ethical Hacker & Junior Penetration Tester.
// 01 — about me
BlackAdi is the dev alias of Odai Shalabi — a software engineer based in Amman, Jordan. Over the past decade I've worked at Microsoft, Samsung Electronics, and AMZ00, building at the intersection of identity security, enterprise APIs, and modern web development.
At Microsoft I specialize in the MSAL library, MS Graph API, and Azure Identity — debugging production issues, building POCs, and guiding enterprise engineers through OAuth 2.0 and OpenID Connect implementations across all major frameworks.
Outside of work, I build open-source tools, earn security certifications, and take deep dives into the protocols that power modern identity infrastructure.
Certifications
Education
Languages
Technical Skills
Auth & Security
Frontend
Backend & APIs
Cloud & Infra
Tools & Platforms
// 02 — experience
// 03 — projects
Production-grade OpenID Connect server with full spec compliance
A fully-featured OAuth 2.0 / OpenID Connect authorization server built on Express.js and the Authlete SDK. Implements all major endpoints including authorization, token, userinfo, introspection, revocation, and JWKS — with interactive session-based login and consent flows, PKCE support, and structured request-level logging.
Privacy-first breach detection CLI using k-anonymity
A zero-compromise Node.js CLI that checks passwords against billions of leaked credentials via the HaveIBeenPwned API — without ever transmitting the actual password. Uses k-anonymity: only the first 5 chars of the SHA-1 hash are sent, matching is done locally. Supports batch mode for auditing entire password lists, JSON output for CI pipelines, masked interactive input, and a --debug flag to inspect the hashing internals.
ChatGPT-style real-time chat app built with Next.js & Azure OpenAI
Chatty is a real-time ChatGPT-style web application built with Next.js and Azure OpenAI. It focuses on modern authentication patterns using NextAuth.js, secure session handling, protected routes, and a responsive, production-ready chat UI.
Real-time Microsoft 365 change notifications via Azure Event Grid
An ASP.NET Core web application that subscribes to Microsoft Graph change notifications delivered through Azure Event Grid. Monitors Microsoft 365 group membership changes in real-time — no polling. When a user or service principal is added or removed from a group, the app receives a webhook event via Event Grid partner topics and applies delta queries to compute exactly what changed.
AI-inspired color palette & font pairing generator
A browser-native tool for generating harmonious color palettes and curated font pairings. Built as a pure vanilla JS app — no framework, no build step, zero dependencies — deployed instantly to GitHub Pages. Generates aesthetically-coherent combinations using color theory algorithms and typography pairing rules.
Client–server Node.js application with documented system design
A full-stack Node.js application focused on clean client–server separation and system design clarity. The project demonstrates RESTful API development with Express, structured project organization, and includes a documented architectural diagram to clearly communicate data flow and responsibilities.
Video streaming UI with Redux state management
A React-based video streaming interface demonstrating Redux for global state management. Covers video playback controls, playlist state, and complex UI interactions managed through a Redux store — a practical exploration of predictable state containers in media applications.
Browser-based reaction time measurement game
A fast-paced browser reaction game that measures and benchmarks human reaction time with millisecond precision using the Web Performance API. Simple, addictive, and shareable — built with pure web technologies, no libraries required.
// 04 — contact
Whether you have a role in mind, a project to collaborate on, or just want to talk OAuth and security — I'm always open to interesting conversations.
Open to full-time roles and interesting contract work. Remote-first, timezone-flexible. Typically respond within 48 hours.
All fields required — I read every message personally.