Blame
|
1 | # Authentication |
||||||
| 2 | ||||||||
|
3 | Authentication explains how users, services, and integrations prove identity before accessing AeThex systems. |
||||||
|
4 | |||||||
|
5 | <div class="docs-section-heading"> |
||||||
| 6 | <h2>Authentication model</h2> |
|||||||
| 7 | <p>Authentication starts with Passport and extends into API, app, and organization access.</p> |
|||||||
| 8 | </div> |
|||||||
|
9 | |||||||
|
10 | AeThex authentication should be handled through [[Passport]] wherever possible. Passport acts as the user-facing identity layer, while APIs and backend services validate sessions, tokens, or service credentials against that identity context. |
||||||
| 11 | ||||||||
| 12 | ## Common flows |
|||||||
| 13 | ||||||||
| 14 | - User sign-in through [[Passport]]. |
|||||||
| 15 | - Account linking through [[Linked-Accounts]]. |
|||||||
| 16 | - Organization access checks through [[Organizations]] and [[Teams]]. |
|||||||
| 17 | - API requests authenticated through documented credentials in [[Api-Reference]]. |
|||||||
| 18 | - Automation and local tooling authenticated through [[CLI]] or [[SDKs]]. |
|||||||
| 19 | ||||||||
| 20 | ## Implementation checklist |
|||||||
| 21 | ||||||||
| 22 | 1. Choose the identity flow: user session, linked account, or service credential. |
|||||||
| 23 | 2. Request only the scopes needed for the integration. |
|||||||
| 24 | 3. Validate tokens server-side before trusting user claims. |
|||||||
| 25 | 4. Check [[Permissions]] after authentication; identity alone is not authorization. |
|||||||
| 26 | 5. Log security-relevant failures for audit and support. |
|||||||
| 27 | ||||||||
| 28 | <div class="docs-grid"> |
|||||||
| 29 | <a class="docs-card" href="/Passport">Passport</a> |
|||||||
| 30 | <a class="docs-card" href="/Permissions">Permissions</a> |
|||||||
| 31 | <a class="docs-card" href="/Security">Security</a> |
|||||||
| 32 | <a class="docs-card" href="/Api-Reference">API Reference</a> |
|||||||
| 33 | </div> |
|||||||
| 34 | ||||||||
| 35 | > [!WARNING] |
|||||||
| 36 | > Do not store long-lived secrets in client-side code, public repos, browser storage, or Discord bot commands. |
|||||||