Documentation

    Documentation

    Documentation

    Ring Platform Logo

    Завантаження документації...

    Підготовка контенту платформи Ring

    Ring Platform Logo

    Завантаження документації...

    Підготовка контенту платформи Ring

    Ring Platform Logo

    Завантаження документації...

    Підготовка контенту платформи Ring

    1. /
    2. /Authentication

    Updated Jun 13, 20264 min listen

    1. /
    2. /Authentication

    Updated Jun 13, 20264 min listen

    1. /
    2. /Authentication

    Updated Jun 13, 20264 min listen

    Concepts, value, and typical clone scenarios — less code.

    Welcome to Ring
    Quick Reference
    Getting Started
    Prerequisites
    Installation
    First Success Validation
    Next Steps
    Architecture
    Data Model
    Real Time
    Discovery Mutation Sync
    Security
    Backend Services
    k8s-postgres-fcm Mode
    Firebase Integration
    Features
    Authentication
    Email AI-CRM
    Entities
    Opportunities
    Notifications
    Push Notifications with FCM (Ring-Powered)
    Tunnel Protocol
    Wallet & Credit System
    Multi-Vendor Store
    Referral Codes (Refcodes)
    Affiliate & Referral Enablement
    Payments Overview
    PaymentConductor
    SubscriptionConductor
    VideoConductor
    News Module - Digital Newspaper Experience
    Member Blogs
    Public Profile Pages
    Username Reservation System
    Scientific Editor
    Locale System
    Security & Compliance
    NFT Marketplace
    Token Staking System
    Performance Optimization Patterns
    Mobile Experience
    Wallet
    Wallet Security Tips
    API
    Authentication
    Email AI-CRM API
    Entities
    Opportunities
    Messaging API
    Notifications API
    Wallet API
    Store API
    Admin API
    Customization
    Quick Start — Your First Ring Clone
    Customization Guide
    Token Economics Setup
    Payment Gateway Integration
    Reference Ring deployments
    Branding
    Themes
    Web3
    Token launch jurisdictions
    Deployment
    Self-hosted deployment
    Vercel
    Docker
    Monitoring & Analytics
    Performance Optimization
    Backup & Recovery
    Development
    Local Setup
    Code Structure
    Documentation components
    Community tooling
    Ring MCP Server
    Generative Images (ImageConductor)
    Autonomous Newsroom (Grok)
    OSS vs enterprise
    Whitelabel Navigation
    Best Practices
    Workflow
    Code Style
    Performance
    Testing
    Deployment
    Debugging
    Contributing
    MCP
    ring-image-create
    ring-video-create
    Examples
    Quick Start
    White Label
    Real World
    Integrations
    Ethereum wallets (Wagmi v3)

    Quick entry (CTOs · auditors · agents)

    Welcome — mission & audiences
    Quick Reference
    Getting started
    Architecture & Auth.js
    Backend modes & databases (DB_BACKEND_MODE)
    Self-hosted
    Ring MCP Tools
    Ring MCP Server
    Token economics
    Token launch jurisdictions
    Deploy (Docker · k8s)
    Security & compliance reads
    ringdom.org — LegioX homebase
    Source — MIT license (GitHub)

    Concepts, value, and typical clone scenarios — less code.

    Welcome to Ring
    Quick Reference
    Getting Started
    Prerequisites
    Installation
    First Success Validation
    Next Steps
    Architecture
    Data Model
    Real Time
    Discovery Mutation Sync
    Security
    Backend Services
    k8s-postgres-fcm Mode
    Firebase Integration
    Features
    Authentication
    Email AI-CRM
    Entities
    Opportunities
    Notifications
    Push Notifications with FCM (Ring-Powered)
    Tunnel Protocol
    Wallet & Credit System
    Multi-Vendor Store
    Referral Codes (Refcodes)
    Affiliate & Referral Enablement
    Payments Overview
    PaymentConductor
    SubscriptionConductor
    VideoConductor
    News Module - Digital Newspaper Experience
    Member Blogs
    Public Profile Pages
    Username Reservation System
    Scientific Editor
    Locale System
    Security & Compliance
    NFT Marketplace
    Token Staking System
    Performance Optimization Patterns
    Mobile Experience
    Wallet
    Wallet Security Tips
    API
    Authentication
    Email AI-CRM API
    Entities
    Opportunities
    Messaging API
    Notifications API
    Wallet API
    Store API
    Admin API
    Customization
    Quick Start — Your First Ring Clone
    Customization Guide
    Token Economics Setup
    Payment Gateway Integration
    Reference Ring deployments
    Branding
    Themes
    Web3
    Token launch jurisdictions
    Deployment
    Self-hosted deployment
    Vercel
    Docker
    Monitoring & Analytics
    Performance Optimization
    Backup & Recovery
    Development
    Local Setup
    Code Structure
    Documentation components
    Community tooling
    Ring MCP Server
    Generative Images (ImageConductor)
    Autonomous Newsroom (Grok)
    OSS vs enterprise
    Whitelabel Navigation
    Best Practices
    Workflow
    Code Style
    Performance
    Testing
    Deployment
    Debugging
    Contributing
    MCP
    ring-image-create
    ring-video-create
    Examples
    Quick Start
    White Label
    Real World
    Integrations
    Ethereum wallets (Wagmi v3)

    Quick entry (CTOs · auditors · agents)

    Welcome — mission & audiences
    Quick Reference
    Getting started
    Architecture & Auth.js
    Backend modes & databases (DB_BACKEND_MODE)
    Self-hosted
    Ring MCP Tools
    Ring MCP Server
    Token economics
    Token launch jurisdictions
    Deploy (Docker · k8s)
    Security & compliance reads
    ringdom.org — LegioX homebase
    Source — MIT license (GitHub)

    Concepts, value, and typical clone scenarios — less code.

    Welcome to Ring
    Quick Reference
    Getting Started
    Prerequisites
    Installation
    First Success Validation
    Next Steps
    Architecture
    Data Model
    Real Time
    Discovery Mutation Sync
    Security
    Backend Services
    k8s-postgres-fcm Mode
    Firebase Integration
    Features
    Authentication
    Email AI-CRM
    Entities
    Opportunities
    Notifications
    Push Notifications with FCM (Ring-Powered)
    Tunnel Protocol
    Wallet & Credit System
    Multi-Vendor Store
    Referral Codes (Refcodes)
    Affiliate & Referral Enablement
    Payments Overview
    PaymentConductor
    SubscriptionConductor
    VideoConductor
    News Module - Digital Newspaper Experience
    Member Blogs
    Public Profile Pages
    Username Reservation System
    Scientific Editor
    Locale System
    Security & Compliance
    NFT Marketplace
    Token Staking System
    Performance Optimization Patterns
    Mobile Experience
    Wallet
    Wallet Security Tips
    API
    Authentication
    Email AI-CRM API
    Entities
    Opportunities
    Messaging API
    Notifications API
    Wallet API
    Store API
    Admin API
    Customization
    Quick Start — Your First Ring Clone
    Customization Guide
    Token Economics Setup
    Payment Gateway Integration
    Reference Ring deployments
    Branding
    Themes
    Web3
    Token launch jurisdictions
    Deployment
    Self-hosted deployment
    Vercel
    Docker
    Monitoring & Analytics
    Performance Optimization
    Backup & Recovery
    Development
    Local Setup
    Code Structure
    Documentation components
    Community tooling
    Ring MCP Server
    Generative Images (ImageConductor)
    Autonomous Newsroom (Grok)
    OSS vs enterprise
    Whitelabel Navigation
    Best Practices
    Workflow
    Code Style
    Performance
    Testing
    Deployment
    Debugging
    Contributing
    MCP
    ring-image-create
    ring-video-create
    Examples
    Quick Start
    White Label
    Real World
    Integrations
    Ethereum wallets (Wagmi v3)

    Quick entry (CTOs · auditors · agents)

    Welcome — mission & audiences
    Quick Reference
    Getting started
    Architecture & Auth.js
    Backend modes & databases (DB_BACKEND_MODE)
    Self-hosted
    Ring MCP Tools
    Ring MCP Server
    Token economics
    Token launch jurisdictions
    Deploy (Docker · k8s)
    Security & compliance reads
    ringdom.org — LegioX homebase
    Source — MIT license (GitHub)
    Docs
    Features
    Docs
    Features
    Docs
    Features

    Authentication System

    Auth.js v5 multi-provider authentication with magic links, OAuth providers, crypto wallets, and GDPR compliance.

    v1.6.4 protection model

    LayerRole
    proxy.tsLocale rewrite + optimistic redirect to ROUTES.LOGIN(locale) (cookie presence only — not session validity)
    (authenticated)/[locale]/layout.tsxawait auth() — canonical session gate
    (admin)/[locale]/layout.tsxRole check (admin/superadmin)
    /loginLoginAuthenticatedRedirect — client useSession bounce when genuinely authenticated (avoids stale-cookie loops; skips during OAuth callback query params)
    API routesPer-handler auth()

    OAuth and Google One Tap use /api/auth/* (excluded from intl middleware). See Proxy and intl.

    Login canonical pattern: ROUTES.LOGIN(locale) with unified from / callbackUrl / returnTo query params. Implementation: features/auth/components/login-authenticated-redirect.tsx.

    Overview

    Ring Platform uses Auth.js v5 to provide seamless authentication across multiple providers while maintaining security and user privacy.

    Authentication Providers

    Magic Links

    • Passwordless Authentication - Email-based secure login
    • One-click Access - No password required
    • Secure Tokens - Time-limited access tokens
    • GDPR Compliant - Privacy-first approach

    OAuth Providers

    • Google - Primary OAuth provider for web and mobile
    • Apple - iOS/macOS native integration with Sign in with Apple
    • GitHub - Developer-focused authentication
    • Discord - Community platform integration

    Apple Sign-in Integration

    Ring Platform supports seamless Sign in with Apple integration using Auth.js v5.

    Prerequisites

    Before setting up Apple Sign-in, ensure you have:

    1. Apple Developer Account - Paid developer account ($99/year)
    2. App ID - Registered app identifier (e.g., com.yourcompany.yourapp)
    3. Service ID - For web authentication (e.g., com.yourcompany.auth)
    4. Private Key - Generated from Apple Developer portal
    5. Team ID - From your Apple Developer account
    Apple Developer Portal Setup
    1. Create App ID:

      • Go to Certificates, Identifiers & Profiles
      • Click + → Choose App IDs
      • Register your app with bundle ID (e.g., com.sonoratek.ring)
      • Enable Sign in with Apple capability
    2. Create Service ID:

      • Under Identifiers → Click + → Choose Services IDs
      • Create service ID (e.g., com.sonoratek.ring-auth)
      • Enable Sign in with Apple
      • Configure Return URLs (your app's callback URLs)
    3. Generate Private Key:

      • Go to Keys → Click +
      • Name your key (e.g., "Auth Key for Ring Platform")
      • Enable Sign in with Apple
      • Select your App ID
      • Download the .p8 private key file (keep it secure!)
    Environment Configuration

    Add these variables to your .env.local:

    Apple Sign-in Configuration

    JWT Generation

    Apple requires a JWT signed with your private key. Use this Node.js script:

    Auth.js v5 Configuration

    Apple Sign-in is automatically configured in your auth.config.ts:

    Usage in Components
    User Experience Features
    • One-tap authentication on Apple devices
    • Privacy-focused - No email collection without user consent
    • Secure token exchange - Server-side validation
    • Account linking - Connect with existing accounts
    • Cross-platform support - Works on web and mobile
    Security Considerations
    • Private key protection - Never commit .p8 files to version control
    • JWT expiration - Regenerate tokens every 6 months
    • Environment isolation - Use different keys for dev/staging/production
    • Audit logging - Track authentication events
    • Rate limiting - Protect against abuse
    Troubleshooting

    Common Issues:

    • "Invalid client" error: Verify AUTH_APPLE_ID matches your Service ID
    • "Invalid JWT" error: Check JWT generation and expiration
    • "Domain verification failed": Ensure return URLs are properly configured
    • "Key not found" error: Verify private key is accessible and correct

    Debug Tips:

    • Check server logs for detailed error messages
    • Verify JWT payload structure and signature
    • Test with Apple's developer tools
    • Ensure proper domain verification in Apple Developer portal

    Crypto Wallets

    • MetaMask - Ethereum wallet authentication
    • WalletConnect - Multi-wallet support
    • Coinbase Wallet - Mainstream crypto wallet
    • Trust Wallet - Mobile-first wallet integration

    Implementation

    Authentication Setup

    Role-Based Access

    // Check user role


    Documentation in progress

    Complete authentication documentation is being expanded.

    Authentication System

    Auth.js v5 multi-provider authentication with magic links, OAuth providers, crypto wallets, and GDPR compliance.

    v1.6.4 protection model

    LayerRole
    proxy.tsLocale rewrite + optimistic redirect to ROUTES.LOGIN(locale) (cookie presence only — not session validity)
    (authenticated)/[locale]/layout.tsxawait auth() — canonical session gate
    (admin)/[locale]/layout.tsxRole check (admin/superadmin)
    /loginLoginAuthenticatedRedirect — client useSession bounce when genuinely authenticated (avoids stale-cookie loops; skips during OAuth callback query params)
    API routesPer-handler auth()

    OAuth and Google One Tap use /api/auth/* (excluded from intl middleware). See Proxy and intl.

    Login canonical pattern: ROUTES.LOGIN(locale) with unified from / callbackUrl / returnTo query params. Implementation: features/auth/components/login-authenticated-redirect.tsx.

    Overview

    Ring Platform uses Auth.js v5 to provide seamless authentication across multiple providers while maintaining security and user privacy.

    Authentication Providers

    Magic Links

    • Passwordless Authentication - Email-based secure login
    • One-click Access - No password required
    • Secure Tokens - Time-limited access tokens
    • GDPR Compliant - Privacy-first approach

    OAuth Providers

    • Google - Primary OAuth provider for web and mobile
    • Apple - iOS/macOS native integration with Sign in with Apple
    • GitHub - Developer-focused authentication
    • Discord - Community platform integration

    Apple Sign-in Integration

    Ring Platform supports seamless Sign in with Apple integration using Auth.js v5.

    Prerequisites

    Before setting up Apple Sign-in, ensure you have:

    1. Apple Developer Account - Paid developer account ($99/year)
    2. App ID - Registered app identifier (e.g., com.yourcompany.yourapp)
    3. Service ID - For web authentication (e.g., com.yourcompany.auth)
    4. Private Key - Generated from Apple Developer portal
    5. Team ID - From your Apple Developer account
    Apple Developer Portal Setup
    1. Create App ID:

      • Go to Certificates, Identifiers & Profiles
      • Click + → Choose App IDs
      • Register your app with bundle ID (e.g., com.sonoratek.ring)
      • Enable Sign in with Apple capability
    2. Create Service ID:

      • Under Identifiers → Click + → Choose Services IDs
      • Create service ID (e.g., com.sonoratek.ring-auth)
      • Enable Sign in with Apple
      • Configure Return URLs (your app's callback URLs)
    3. Generate Private Key:

      • Go to Keys → Click +
      • Name your key (e.g., "Auth Key for Ring Platform")
      • Enable Sign in with Apple
      • Select your App ID
      • Download the .p8 private key file (keep it secure!)
    Environment Configuration

    Add these variables to your .env.local:

    Apple Sign-in Configuration

    JWT Generation

    Apple requires a JWT signed with your private key. Use this Node.js script:

    Auth.js v5 Configuration

    Apple Sign-in is automatically configured in your auth.config.ts:

    Usage in Components
    User Experience Features
    • One-tap authentication on Apple devices
    • Privacy-focused - No email collection without user consent
    • Secure token exchange - Server-side validation
    • Account linking - Connect with existing accounts
    • Cross-platform support - Works on web and mobile
    Security Considerations
    • Private key protection - Never commit .p8 files to version control
    • JWT expiration - Regenerate tokens every 6 months
    • Environment isolation - Use different keys for dev/staging/production
    • Audit logging - Track authentication events
    • Rate limiting - Protect against abuse
    Troubleshooting

    Common Issues:

    • "Invalid client" error: Verify AUTH_APPLE_ID matches your Service ID
    • "Invalid JWT" error: Check JWT generation and expiration
    • "Domain verification failed": Ensure return URLs are properly configured
    • "Key not found" error: Verify private key is accessible and correct

    Debug Tips:

    • Check server logs for detailed error messages
    • Verify JWT payload structure and signature
    • Test with Apple's developer tools
    • Ensure proper domain verification in Apple Developer portal

    Crypto Wallets

    • MetaMask - Ethereum wallet authentication
    • WalletConnect - Multi-wallet support
    • Coinbase Wallet - Mainstream crypto wallet
    • Trust Wallet - Mobile-first wallet integration

    Implementation

    Authentication Setup

    Role-Based Access

    // Check user role


    Documentation in progress

    Complete authentication documentation is being expanded.

    Authentication System

    Auth.js v5 multi-provider authentication with magic links, OAuth providers, crypto wallets, and GDPR compliance.

    v1.6.4 protection model

    LayerRole
    proxy.tsLocale rewrite + optimistic redirect to ROUTES.LOGIN(locale) (cookie presence only — not session validity)
    (authenticated)/[locale]/layout.tsxawait auth() — canonical session gate
    (admin)/[locale]/layout.tsxRole check (admin/superadmin)
    /loginLoginAuthenticatedRedirect — client useSession bounce when genuinely authenticated (avoids stale-cookie loops; skips during OAuth callback query params)
    API routesPer-handler auth()

    OAuth and Google One Tap use /api/auth/* (excluded from intl middleware). See Proxy and intl.

    Login canonical pattern: ROUTES.LOGIN(locale) with unified from / callbackUrl / returnTo query params. Implementation: features/auth/components/login-authenticated-redirect.tsx.

    Overview

    Ring Platform uses Auth.js v5 to provide seamless authentication across multiple providers while maintaining security and user privacy.

    Authentication Providers

    Magic Links

    • Passwordless Authentication - Email-based secure login
    • One-click Access - No password required
    • Secure Tokens - Time-limited access tokens
    • GDPR Compliant - Privacy-first approach

    OAuth Providers

    • Google - Primary OAuth provider for web and mobile
    • Apple - iOS/macOS native integration with Sign in with Apple
    • GitHub - Developer-focused authentication
    • Discord - Community platform integration

    Apple Sign-in Integration

    Ring Platform supports seamless Sign in with Apple integration using Auth.js v5.

    Prerequisites

    Before setting up Apple Sign-in, ensure you have:

    1. Apple Developer Account - Paid developer account ($99/year)
    2. App ID - Registered app identifier (e.g., com.yourcompany.yourapp)
    3. Service ID - For web authentication (e.g., com.yourcompany.auth)
    4. Private Key - Generated from Apple Developer portal
    5. Team ID - From your Apple Developer account
    Apple Developer Portal Setup
    1. Create App ID:

      • Go to Certificates, Identifiers & Profiles
      • Click + → Choose App IDs
      • Register your app with bundle ID (e.g., com.sonoratek.ring)
      • Enable Sign in with Apple capability
    2. Create Service ID:

      • Under Identifiers → Click + → Choose Services IDs
      • Create service ID (e.g., com.sonoratek.ring-auth)
      • Enable Sign in with Apple
      • Configure Return URLs (your app's callback URLs)
    3. Generate Private Key:

      • Go to Keys → Click +
      • Name your key (e.g., "Auth Key for Ring Platform")
      • Enable Sign in with Apple
      • Select your App ID
      • Download the .p8 private key file (keep it secure!)
    Environment Configuration

    Add these variables to your .env.local:

    Apple Sign-in Configuration

    JWT Generation

    Apple requires a JWT signed with your private key. Use this Node.js script:

    Auth.js v5 Configuration

    Apple Sign-in is automatically configured in your auth.config.ts:

    Usage in Components
    User Experience Features
    • One-tap authentication on Apple devices
    • Privacy-focused - No email collection without user consent
    • Secure token exchange - Server-side validation
    • Account linking - Connect with existing accounts
    • Cross-platform support - Works on web and mobile
    Security Considerations
    • Private key protection - Never commit .p8 files to version control
    • JWT expiration - Regenerate tokens every 6 months
    • Environment isolation - Use different keys for dev/staging/production
    • Audit logging - Track authentication events
    • Rate limiting - Protect against abuse
    Troubleshooting

    Common Issues:

    • "Invalid client" error: Verify AUTH_APPLE_ID matches your Service ID
    • "Invalid JWT" error: Check JWT generation and expiration
    • "Domain verification failed": Ensure return URLs are properly configured
    • "Key not found" error: Verify private key is accessible and correct

    Debug Tips:

    • Check server logs for detailed error messages
    • Verify JWT payload structure and signature
    • Test with Apple's developer tools
    • Ensure proper domain verification in Apple Developer portal

    Crypto Wallets

    • MetaMask - Ethereum wallet authentication
    • WalletConnect - Multi-wallet support
    • Coinbase Wallet - Mainstream crypto wallet
    • Trust Wallet - Mobile-first wallet integration

    Implementation

    Authentication Setup

    Role-Based Access

    // Check user role


    Documentation in progress

    Complete authentication documentation is being expanded.