Authentication
Authentication explains how users, services, and integrations prove identity before accessing AeThex systems.
Authentication model
Authentication starts with Passport and extends into API, app, and organization access.
AeThex authentication should be handled through Passport wherever possible. Passport acts as the user-facing identity layer, while APIs and backend services validate sessions, tokens, or service credentials against that identity context.
Common flows
- User sign-in through Passport.
- Account linking through Linked-Accounts.
- Organization access checks through Organizations and Teams.
- API requests authenticated through documented credentials in Api-Reference.
- Automation and local tooling authenticated through CLI or SDKs.
Implementation checklist
- Choose the identity flow: user session, linked account, or service credential.
- Request only the scopes needed for the integration.
- Validate tokens server-side before trusting user claims.
- Check Permissions after authentication; identity alone is not authorization.
- Log security-relevant failures for audit and support.
Warning
Do not store long-lived secrets in client-side code, public repos, browser storage, or Discord bot commands.