Blame

572610 Anonymous 2026-06-20 21:50:43
Add AeThex documentation page
1
# Authentication
2
23c404 Anonymous 2026-06-23 02:43:54
Build out AeThex documentation pages
3
Authentication verifies that a request belongs to a real AeThex user, service, or integration.
572610 Anonymous 2026-06-20 21:50:43
Add AeThex documentation page
4
23c404 Anonymous 2026-06-23 02:43:54
Build out AeThex documentation pages
5
---
572610 Anonymous 2026-06-20 21:50:43
Add AeThex documentation page
6
23c404 Anonymous 2026-06-23 02:43:54
Build out AeThex documentation pages
7
## Supported Concepts
8
9
AeThex authentication can include:
10
11
- Passport session authentication
12
- OAuth-style authorization flows
13
- API keys for server integrations
14
- Webhook signatures
15
- Discord account linking
16
- Game/session tokens
17
18
---
19
20
## Recommended Flow
21
22
For most applications:
23
24
1. Redirect the user to Passport or an AeThex auth surface.
25
2. Receive an authorization response.
26
3. Exchange for a scoped token server-side.
27
4. Store only what your application needs.
28
5. Refresh or revalidate when required.
29
30
---
31
32
## Security Requirements
33
34
- Never store private keys in clients.
35
- Keep API keys server-side.
36
- Use HTTPS only.
37
- Validate webhook signatures.
38
- Rotate compromised credentials immediately.
39
- Log auth failures without leaking secrets.
40
41
---
42
43
## Related
44
45
- [[Passport]]
46
- [[API-Reference]]
47
- [[Security]]