🔐 Authentication Architecture
Ring Platform Authentication System - Auth.js v5 powered multi-provider authentication with advanced security, role-based access control, and seamless Web3 integration.
📋 Overview
Ring Platform implements a sophisticated multi-layer authentication architecture that combines traditional OAuth providers, passwordless magic links, and cutting-edge Web3 wallet authentication with revolutionary PIN security (no seed phrases required).
Key Features
✅ 5 Authentication Providers - Google (GIS + OAuth), Apple, Magic Links, Crypto Wallets, PIN Security
✅ Auth.js v5 Modern Stack - Latest authentication framework with edge runtime compatibility
✅ 5-Tier Role Hierarchy - VISITOR → SUBSCRIBER → MEMBER → CONFIDENTIAL → ADMIN
✅ Multi-Backend Support - Works with k8s-postgres-fcm, firebase-full, and supabase-fcm modes
✅ Web3 Without Complexity - Users authenticate socially, get Web3 wallets automatically
✅ PIN Security System - Revolutionary Web3 access without seed phrases
✅ GDPR/CCPA Compliant - 30-day grace period account deletion with audit trails
✅ Email Linking - Automatic account linking for same email across providers
✅ KYC Integration - Document upload with Vercel Blob storage
🏗️ Architecture Mindmap
🔄 Complete Authentication Flow
Multi-Provider Authentication Architecture
🌐 Authentication Providers
1. Google Authentication (Dual Mode)
Traditional OAuth + Google Identity Services (GIS)
Traditional OAuth: Full redirect flow for maximum compatibility
GIS One Tap: Client-side popup for instant authentication
Theme Support: GIS button dynamically switches outline (light) / filled_black (dark)
Email Linking: Accounts with same email automatically linked
Configuration:
// auth.config.ts - Google OAuth provider
2. Apple Sign-In
Native iOS/macOS + Web Integration
Automatic Email Linking: Apple accounts link to existing Google accounts with same email
Privacy Protection: Users can hide email (Apple provides proxy email)
Native Integration: Seamless on iOS/macOS devices
Configuration:
// auth.config.ts
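The condition that makes automatic same-email linking safe, as an added example (not Ring Platform's code): a new provider identity is attached to an existing account only when the provider asserts the email is verified and the existing account's email is verified too. The `ProviderIdentity` and `Account` shapes, `decideLinking` and the sample accounts are hypothetical.

```typescript
// Added example: hypothetical shapes, not Ring Platform's actual types.
type Provider = "google" | "apple" | "email";
interface ProviderIdentity {
  provider: Provider;
  subject: string;                   // provider's stable user id ("sub")
  email?: string;
  emailVerified?: boolean | string;  // Apple may send this claim as the string "true"
}
interface Account {
  id: string;
  email: string;
  emailVerified: boolean;
  identities: { provider: Provider; subject: string }[];
}
type LinkDecision =
  | { action: "sign_in"; accountId: string }
  | { action: "link"; accountId: string }
  | { action: "create" }
  | { action: "reject"; reason: string };

const normalizeEmail = (e: string): string => e.trim().toLowerCase();
const isVerified = (v?: boolean | string): boolean => v === true || v === "true";

function decideLinking(incoming: ProviderIdentity, accounts: Account[]): LinkDecision {
  // A known (provider, subject) pair wins even if the email changed upstream.
  const known = accounts.find(a => a.identities.some(
    i => i.provider === incoming.provider && i.subject === incoming.subject));
  if (known) return { action: "sign_in", accountId: known.id };

  if (!incoming.email) return { action: "create" };
  const email = normalizeEmail(incoming.email);
  const match = accounts.find(a => normalizeEmail(a.email) === email);
  if (!match) return { action: "create" };  // an Apple proxy address matches nothing

  // Same email is not enough: both sides must have proven control of the mailbox.
  if (!isVerified(incoming.emailVerified))
    return { action: "reject", reason: "provider did not verify email" };
  if (!match.emailVerified)
    return { action: "reject", reason: "existing account email is unverified" };
  return { action: "link", accountId: match.id };
}

// Constructed sample accounts.
const ACCOUNTS: Account[] = [
  { id: "u1", email: "Ana@Example.com", emailVerified: true,
    identities: [{ provider: "google", subject: "g-123" }] },
  { id: "u2", email: "bob@example.com", emailVerified: false, identities: [] },
];
```

A user who chooses Apple's hidden email gets a separate account here, because the proxy address never equals the address on the Google account.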
3. Magic Links (Passwordless)
Email-Based Secure Authentication
Time-Limited: Tokens expire after 15 minutes
Single-Use: Automatic invalidation after successful use
Email Verification: Required for account creation
GDPR Compliant: No password storage
Configuration:
// auth.ts - Magic link provider
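The two token properties listed above (15-minute expiry, single use) shown as an added example that is not the project's `auth.ts`: the raw token goes only into the emailed URL, the store keeps its SHA-256 hash, and redemption deletes the record before checking expiry. `MagicLinkStore` and its in-memory map are hypothetical stand-ins for the database adapter.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Added example: hypothetical in-memory store standing in for the database adapter.
const TTL_MS = 15 * 60 * 1000;  // the page's 15-minute token lifetime

interface TokenRecord { email: string; expiresAt: number; }

class MagicLinkStore {
  // Keyed by the SHA-256 of the token, so a leaked table yields no usable links.
  private records = new Map<string, TokenRecord>();

  private static digest(token: string): string {
    return createHash("sha256").update(token).digest("hex");
  }

  /** Returns the raw token to embed in the emailed URL; only its hash is stored. */
  issue(email: string, now: number = Date.now()): string {
    const token = randomBytes(32).toString("hex");  // 256 bits from the CSPRNG
    this.records.set(MagicLinkStore.digest(token), { email, expiresAt: now + TTL_MS });
    return token;
  }

  /** Consumes the token: returns the email at most once, null otherwise. */
  redeem(token: string, now: number = Date.now()): string | null {
    const key = MagicLinkStore.digest(token);
    const rec = this.records.get(key);
    if (!rec) return null;                  // unknown or already used
    // Delete before any other check. In a real database this lookup-and-delete
    // must be one atomic statement so two parallel clicks cannot both succeed.
    this.records.delete(key);
    if (now > rec.expiresAt) return null;   // expired tokens are burned as well
    return rec.email;
  }

  size(): number { return this.records.size; }
}
```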
4. Crypto Wallet Authentication
MetaMask + WalletConnect Integration
Ethereum Mainnet - Primary chain
Polygon - Low gas fees, fast transactions
Arbitrum - Layer 2 scaling
Optimism - Layer 2 scaling
Base - Coinbase Layer 2
Wagmi v2 + Viem Stack:
// lib/wagmi-config.ts
5. PIN Security System (Revolutionary)
Web3 Without Seed Phrases
❌ No Seed Phrases Required - Users authenticate with Google/Apple
✅ Simple 6-Digit PIN - Easy to remember, secure encryption
✅ 95% Wallet Connection Success - vs 40% with traditional Web3
✅ Web3 Sovereignty - Social auth users get full Web3 capabilities
✅ 5x User Adoption - Dramatically improved onboarding
Implementation:
// features/wallet/services/ensure-wallet.ts
👥 Role-Based Access Control
5-Tier Hierarchy
Role Definitions

| Role | Level | Access | Use Cases |
|---|---|---|---|
| VISITOR | 0 | Public content, browse entities/opportunities | Unauthenticated users, general public |
| SUBSCRIBER | 1 | Create opportunities, basic messaging, view profiles | Free registered users |
| MEMBER | 2 | Create entities, vendor features, NFT marketplace | Paid tier ($29/month), businesses |
| CONFIDENTIAL | 3 | Access confidential entities/opportunities, enhanced features | Verified organizations, trusted partners |
| ADMIN | 4 | Full system access, user management, analytics | Platform administrators |
Role Upgrade Flow

```typescript
// features/auth/services/upgrade-user-role.ts
export async function upgradeUserRole(
  userId: string,
  newRole: UserRole,
  paymentReference?: string
): Promise<void> {
  // Validate role hierarchy: only a strictly higher level is accepted
  const currentRole = await getUserRole(userId)
  if (getRoleLevel(newRole) <= getRoleLevel(currentRole)) {
    throw new Error('Cannot downgrade or lateral move')
  }

  // Update user role
  await db.update('users', userId, { role: newRole })

  // Audit log
  await createAuditLog({
    userId,
    action: 'role_upgrade',
    from: currentRole,
    to: newRole,
    paymentReference,
    timestamp: new Date()
  })

  // Notify user
  await sendNotification(userId, {
    type: 'role_upgrade',
    title: `Upgraded to ${newRole}`,
    message: `Your account has been upgraded. New features unlocked!`
  })
}
```

🗄️ Multi-Backend Architecture
Database Adapter Selection
Adapter Implementation
// lib/auth-adapter-singleton.ts
🔒 Security Features
Email Account Linking
Automatic account linking for same email across providers:
GoogleProvider({
KYC (Know Your Customer) Integration
Document upload with Vercel Blob storage:
// features/auth/components/kyc-upload.tsx
GDPR/CCPA Compliance
30-day grace period account deletion:
🛠️ Implementation Examples
Server-Side Authentication
Client-Side Authentication
Role-Based Access Control
📊 Performance Metrics

| Metric | Value | Industry Standard |
|---|---|---|
| Google OAuth Login | <500ms | 2-3s |
| GIS One Tap Login | <300ms | N/A |
| Magic Link Send | <200ms | 500ms-1s |
| Wallet Connection Success | 95% | 40% |
| Session Creation | <100ms | 200-500ms |
| PIN Setup Completion | 87% | N/A |
| Email Linking Success | 100% | Manual process |

🔧 Configuration Reference
Environment Variables
Auth.js Core
Google OAuth
Apple Sign-In
Magic Links
WalletConnect
Firebase (if using firebase-full mode)
Database Backend Mode
🚀 Next Steps
For Ringdom. For the Light. For Secure Authentication.
🔐 Perfect authentication. Perfect security. Perfect user experience. 🔥