
Authentication & User Management

The authentication and user management system provides secure, flexible access control for all platform users.

Authentication Methods

Email & Password Authentication

The platform implements a secure JWT-based authentication system for traditional email and password login:

  • Secure password hashing using bcrypt
  • JWT token generation with 60-minute expiry
  • Refresh token rotation for enhanced security
  • Account lockout protection against brute force attacks
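The 60-minute access token and refresh token rotation listed above can be sketched as follows. This is an added illustration, not the platform's own code: HS256 signing, the in-memory store, and every name here (`issue_access_token`, `RefreshStore`, and so on) are assumptions made for the example.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # demo signing key; assumption: HS256
ACCESS_TTL = 60 * 60               # the 60-minute expiry stated above

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_access_token(user: str, now: float) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user, "iat": int(now), "exp": int(now) + ACCESS_TTL}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"

def verify_access_token(token: str, now: float):
    """Return the claims if signature and expiry check out, else None."""
    try:
        header, claims, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), _sign(header + "." + claims).encode()):
            return None
        data = json.loads(base64.urlsafe_b64decode(claims + "=" * (-len(claims) % 4)))
    except ValueError:
        return None
    return data if now < data["exp"] else None

class RefreshStore:
    """Single-use refresh tokens; replaying a used one revokes its whole family."""
    def __init__(self):
        self._tokens = {}      # in-memory for the demo: sha256(token) -> [family, user, used]
        self._revoked = set()  # families killed by reuse detection or forced logout

    def issue(self, user: str, family: str = "") -> str:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[digest] = [family or secrets.token_hex(8), user, False]
        return token

    def rotate(self, token: str, now: float):
        """Return (access_token, new_refresh_token), or None if refused."""
        rec = self._tokens.get(hashlib.sha256(token.encode()).hexdigest())
        if rec is None or rec[0] in self._revoked:
            return None
        if rec[2]:                       # replay of an already-rotated token
            self._revoked.add(rec[0])    # treat as theft: end the whole session
            return None
        rec[2] = True
        return issue_access_token(rec[1], now), self.issue(rec[1], rec[0])
```

Only the hash of each refresh token is stored, so a leaked store does not yield usable tokens, and a replayed token invalidates its successors as well.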

Wallet Integration

For blockchain interactions, the platform supports wallet-based authentication:

  • MetaMask wallet integration
  • thirdweb integration for MPC wallets and blockchain connectivity
  • Signature-based authentication
  • Wallet address verification and binding
  • Support for multiple connected wallets per user

Enterprise Authentication

For organization deployments, the platform supports:

  • Custom JWT authentication for enterprise integrations
  • SAML authentication capability
  • Single sign-on (SSO) options
  • Role mapping from external identity providers

Session Management

The platform implements robust session management:

  • Automatic token refresh mechanism
  • Configurable session timeouts
  • Multi-device session tracking
  • Forced logout capability for security incidents

User Profile Management

Users can manage their personal information through:

  • Editable profile information
  • Contact details management
  • Notification preferences
  • Connected accounts management

Security Features

Authentication security is enhanced with:

  • Two-factor authentication support
  • IP-based login restrictions
  • Login attempt monitoring
  • Secure password reset workflow
  • Email verification requirements

Technical Implementation

The authentication system is built on modern security principles:

  • Stateless authentication using JWT
  • Token encryption using industry-standard algorithms
  • HTTPS-only cookie storage options
  • CSRF protection mechanisms
  • XSS prevention through proper token handling

Integration Points

The authentication system integrates with other platform components:

  • Role-based access control system
  • Audit logging for security events
  • Identity verification providers
  • Notification system for security alerts