Authentication & Access Control

Authentication Methods

The platform implements multiple authentication mechanisms:

JWT Authentication

JSON Web Tokens (JWT) are used as the primary authentication method:

  • Token Structure: Standard JWT with header, payload, and signature
  • Token Lifetime: Access tokens expire after 60 minutes
  • Refresh Mechanism: Sliding expiration with secure refresh tokens
  • Storage: HTTP-only cookies with secure and SameSite flags

Blockchain Authentication

The platform integrates with blockchain wallets for authentication:

  • MPC Wallet Integration: Implemented via thirdweb for secure key management
  • Transaction Signing: The platform can partially sign transactions after compliance checks
  • Multi-signature Support: Organizational accounts can require multiple approvers
  • Security Model: Key shares distributed between platform and user for enhanced security

Multi-Factor Authentication (MFA)

For enhanced security, the platform supports:

  • Time-based One-Time Passwords (TOTP) via authenticator apps
  • Email verification codes for identity confirmation
  • Hardware security keys (WebAuthn/FIDO2 support)

Authorization Model

The platform implements Role-Based Access Control (RBAC):

User Roles

Role          | Description                                             | Access Level
Administrator | Full system access for platform management              | Highest
Manager       | Administrative access for specific organizational units | High
User          | Standard access to platform features                    | Normal
Viewer        | Read-only access to permitted resources                 | Lowest

Permission Structure

Permissions are structured hierarchically:

  1. Resource-based permissions: Control access to specific resources
  2. Action-based permissions: Control which actions can be performed
  3. Scope-based permissions: Limit access to specific data scopes

Access Control Implementation

  • Authorization checks occur at both API and UI levels
  • Token validation confirms user identity and roles before processing requests
  • Permission inheritance follows organizational structure
  • Dynamic permission updates take effect immediately across the system
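The JWT validation and the resource/action/scope authorization check described above, as an added example that is not the platform's own code: it assumes an HS256 shared key, a `permissions` claim holding resource/action/scope grants, and the role names from the table (all assumptions); a real deployment would load the key from a secret store and read the token from the HTTP-only cookie.

```python
import base64, hashlib, hmac, json, time

ACCESS_TOKEN_LIFETIME = 60 * 60          # the page's 60-minute access token lifetime, in seconds
SECRET = b"constructed-demo-key-only"    # hypothetical HS256 key; a real deployment loads it from a secret store

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub: str, role: str, permissions: list, now: int) -> str:
    """Build an HS256 JWT (header.payload.signature) carrying identity, role and permission grants."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": sub, "role": role, "permissions": permissions,
                                        "iat": now, "exp": now + ACCESS_TOKEN_LIFETIME}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def validate_token(token: str, now: int):
    """Return the payload only if alg is HS256, the signature verifies and exp has not passed; else None."""
    try:
        h, p, s = token.split(".")
        if json.loads(b64url_decode(h)).get("alg") != "HS256":       # reject alg=none and algorithm confusion
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):      # constant-time signature comparison
            return None
        payload = json.loads(b64url_decode(p))
        return payload if now < int(payload["exp"]) else None        # expired tokens are refused
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def authorize(payload, resource: str, action: str, scope: str) -> bool:
    """Resource, then action, then scope: a grant in the token must match all three."""
    if payload is None:
        return False
    if payload.get("role") == "Administrator":                       # full system access per the role table
        return True
    for grant in payload.get("permissions", []):
        if (grant.get("resource") == resource and action in grant.get("actions", [])
                and scope in grant.get("scopes", [])):
            return True
    return False

if __name__ == "__main__":
    now = int(time.time())
    grants = [{"resource": "reports", "actions": ["read"], "scopes": ["unit-a"]}]  # constructed sample grant
    payload = validate_token(issue_token("viewer-1", "Viewer", grants, now), now)
    print(authorize(payload, "reports", "read", "unit-a"), authorize(payload, "reports", "write", "unit-a"))  # True False
```

Every request handler calls validate_token before authorize, so a tampered, expired or alg-downgraded token never reaches the permission check.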