About

I'm Pabasara Mahindapala, a Senior Software Engineer at WSO2, based in Colombo, Sri Lanka. I spend most of my working hours helping organisations implement and optimise their Identity and Access Management and enterprise integration solutions - primarily with WSO2 products.

What I work on

My day job sits at the intersection of identity engineering and customer-facing consulting.

I work with customers across multiple industries, which means I’ve seen the same IAM mistake made in at least three different regulatory environments. It keeps the job interesting.

On the side I build open-source projects and experiment with new technologies.

How I work

Five years of working with customers has taught me that the right answer is usually “it depends”, and the value is in knowing what it depends on.

What I write about

Writing is the way I process what I learn. The recurring themes:

• Identity and access management - OIDC, OAuth2, SAML, RBAC, session management, and the edge cases that bite in production
• AI and agents - useful tools, but with a lot of hype around them; I write about what they can actually do, where human judgment is still irreplaceable, and how they work under the hood
• Frontend engineering - Angular, RxJS patterns, component architecture, and the tradeoffs that don’t show up in tutorials
• Software architecture - system design, and applying patterns to real problems
• What breaks in production - war stories and post-mortems, because failure is the best teacher

Most of my long-form writing appears on Medium.

Get in touch

• Email: pabasaramahindapala[at]gmail[dot]com
• GitHub: pabasara-mahindapala
• LinkedIn: pabasara-mahindapala
• Medium: @pabasaramahindapala
• Twitter / X: @pabasara_mahi
• Gravatar: pabasaramahindapala
• Stack Overflow: pabasara-mahindapala