Loading Documentation Hub... Scanning documentation library
Loading Documentation Hub... Scanning documentation library
Loading Documentation Hub... Scanning documentation library
About Us About our platform and services
About Us About our platform and services
Завантаження документації... Підготовка контенту платформи Ring
Завантаження документації... Підготовка контенту платформи Ring
Завантаження документації... Підготовка контенту платформи Ring
🔐 Authentication Architecture
Ring Platform Authentication System - Auth.js v5 powered multi-provider authentication with advanced security, role-based access control, and seamless Web3 integration.
📋 Overview
Ring Platform implements a sophisticated multi-layer authentication architecture that combines traditional OAuth providers, passwordless magic links, and cutting-edge Web3 wallet authentication with revolutionary PIN security (no seed phrases required).
Key Features
✅ 5 Authentication Providers - Google (GIS + OAuth), Apple, Magic Links, Crypto Wallets, PIN Security
✅ Auth.js v5 Modern Stack - Latest authentication framework with edge runtime compatibility
✅ 5-Tier Role Hierarchy - VISITOR → SUBSCRIBER → MEMBER → CONFIDENTIAL → ADMIN
✅ Multi-Backend Support - Works with k8s-postgres-fcm, firebase-full, and supabase-fcm modes
✅ Web3 Without Complexity - Users authenticate socially, get Web3 wallets automatically
✅ PIN Security System - Revolutionary Web3 access without seed phrases
✅ GDPR/CCPA Compliant - 30-day grace period account deletion with audit trails
✅ Email Linking - Automatic account linking for same email across providers
✅ KYC Integration - Document upload with Vercel Blob storage
🏗️ Architecture Mindmap
🔐 Authentication Architecture
Ring Platform Authentication System - Auth.js v5 powered multi-provider authentication with advanced security, role-based access control, and seamless Web3 integration.
📋 Overview
Ring Platform implements a sophisticated multi-layer authentication architecture that combines traditional OAuth providers, passwordless magic links, and cutting-edge Web3 wallet authentication with revolutionary PIN security (no seed phrases required).
Key Features
✅ 5 Authentication Providers - Google (GIS + OAuth), Apple, Magic Links, Crypto Wallets, PIN Security
✅ Auth.js v5 Modern Stack - Latest authentication framework with edge runtime compatibility
✅ 5-Tier Role Hierarchy - VISITOR → SUBSCRIBER → MEMBER → CONFIDENTIAL → ADMIN
✅ Multi-Backend Support - Works with k8s-postgres-fcm, firebase-full, and supabase-fcm modes
✅ Web3 Without Complexity - Users authenticate socially, get Web3 wallets automatically
✅ PIN Security System - Revolutionary Web3 access without seed phrases
✅ GDPR/CCPA Compliant - 30-day grace period account deletion with audit trails
✅ Email Linking - Automatic account linking for same email across providers
✅ KYC Integration - Document upload with Vercel Blob storage
🏗️ Architecture Mindmap
🔐 Authentication Architecture
Ring Platform Authentication System - Auth.js v5 powered multi-provider authentication with advanced security, role-based access control, and seamless Web3 integration.
📋 Overview
Ring Platform implements a sophisticated multi-layer authentication architecture that combines traditional OAuth providers, passwordless magic links, and cutting-edge Web3 wallet authentication with revolutionary PIN security (no seed phrases required).
Key Features
✅ 5 Authentication Providers - Google (GIS + OAuth), Apple, Magic Links, Crypto Wallets, PIN Security
✅ Auth.js v5 Modern Stack - Latest authentication framework with edge runtime compatibility
✅ 5-Tier Role Hierarchy - VISITOR → SUBSCRIBER → MEMBER → CONFIDENTIAL → ADMIN
✅ Multi-Backend Support - Works with k8s-postgres-fcm, firebase-full, and supabase-fcm modes
✅ Web3 Without Complexity - Users authenticate socially, get Web3 wallets automatically
✅ PIN Security System - Revolutionary Web3 access without seed phrases
✅ GDPR/CCPA Compliant - 30-day grace period account deletion with audit trails
✅ Email Linking - Automatic account linking for same email across providers
✅ KYC Integration - Document upload with Vercel Blob storage
🏗️ Architecture Mindmap
🔄 Complete Authentication Flow
Multi-Provider Authentication Architecture
🌐 Authentication Providers
1. Google Authentication (Dual Mode) Traditional OAuth + Google Identity Services (GIS)
Traditional OAuth: Full redirect flow for maximum compatibilityGIS One Tap: Client-side popup for instant authenticationTheme Support: GIS button dynamically switches outline (light) / filled_black (dark)Email Linking: Accounts with same email automatically linked Configuration:
// auth.config.ts - Google OAuth provider
2. Apple Sign-In Native iOS/macOS + Web Integration
Automatic Email Linking: Apple accounts link to existing Google accounts with same emailPrivacy Protection: Users can hide email (Apple provides proxy email)Native Integration: Seamless on iOS/macOS devices
🔄 Complete Authentication Flow
Multi-Provider Authentication Architecture
🌐 Authentication Providers
1. Google Authentication (Dual Mode) Traditional OAuth + Google Identity Services (GIS)
Traditional OAuth: Full redirect flow for maximum compatibilityGIS One Tap: Client-side popup for instant authenticationTheme Support: GIS button dynamically switches outline (light) / filled_black (dark)Email Linking: Accounts with same email automatically linked Configuration:
// auth.config.ts - Google OAuth provider
2. Apple Sign-In Native iOS/macOS + Web Integration
Automatic Email Linking: Apple accounts link to existing Google accounts with same emailPrivacy Protection: Users can hide email (Apple provides proxy email)Native Integration: Seamless on iOS/macOS devices
🔄 Complete Authentication Flow
Multi-Provider Authentication Architecture
🌐 Authentication Providers
1. Google Authentication (Dual Mode) Traditional OAuth + Google Identity Services (GIS)
Traditional OAuth: Full redirect flow for maximum compatibilityGIS One Tap: Client-side popup for instant authenticationTheme Support: GIS button dynamically switches outline (light) / filled_black (dark)Email Linking: Accounts with same email automatically linked Configuration:
// auth.config.ts - Google OAuth provider
2. Apple Sign-In Native iOS/macOS + Web Integration
Automatic Email Linking: Apple accounts link to existing Google accounts with same emailPrivacy Protection: Users can hide email (Apple provides proxy email)Native Integration: Seamless on iOS/macOS devices Configuration:
// auth.config.ts
3. Magic Links (Passwordless) Email-Based Secure Authentication
Time-Limited: Tokens expire after 15 minutesSingle-Use: Automatic invalidation after successful useEmail Verification: Required for account creationGDPR Compliant: No password storage Configuration:
// auth.ts - Magic link provider
4. Crypto Wallet Authentication MetaMask + WalletConnect Integration
Ethereum Mainnet - Primary chainPolygon - Low gas fees, fast transactionsArbitrum - Layer 2 scalingOptimism - Layer 2 scalingBase - Coinbase Layer 2 Wagmi v2 + Viem Stack:
// lib/wagmi-config.ts
Configuration:
// auth.config.ts
3. Magic Links (Passwordless) Email-Based Secure Authentication
Time-Limited: Tokens expire after 15 minutesSingle-Use: Automatic invalidation after successful useEmail Verification: Required for account creationGDPR Compliant: No password storage Configuration:
// auth.ts - Magic link provider
4. Crypto Wallet Authentication MetaMask + WalletConnect Integration
Ethereum Mainnet - Primary chainPolygon - Low gas fees, fast transactionsArbitrum - Layer 2 scalingOptimism - Layer 2 scalingBase - Coinbase Layer 2 Wagmi v2 + Viem Stack:
// lib/wagmi-config.ts
Configuration:
// auth.config.ts
3. Magic Links (Passwordless) Email-Based Secure Authentication
Time-Limited: Tokens expire after 15 minutesSingle-Use: Automatic invalidation after successful useEmail Verification: Required for account creationGDPR Compliant: No password storage Configuration:
// auth.ts - Magic link provider
4. Crypto Wallet Authentication MetaMask + WalletConnect Integration
Ethereum Mainnet - Primary chainPolygon - Low gas fees, fast transactionsArbitrum - Layer 2 scalingOptimism - Layer 2 scalingBase - Coinbase Layer 2 Wagmi v2 + Viem Stack:
// lib/wagmi-config.ts
5. PIN Security System (Revolutionary) Web3 Without Seed Phrases
❌ No Seed Phrases Required - Users authenticate with Google/Apple
✅ Simple 6-Digit PIN - Easy to remember, secure encryption
✅ 95% Wallet Connection Success - vs 40% with traditional Web3
✅ Web3 Sovereignty - Social auth users get full Web3 capabilities
✅ 5x User Adoption - Dramatically improved onboarding
Implementation:
// features/wallet/services/ensure-wallet.ts
👥 Role-Based Access Control
5-Tier Hierarchy
Role Definitions
5. PIN Security System (Revolutionary) Web3 Without Seed Phrases
❌ No Seed Phrases Required - Users authenticate with Google/Apple
✅ Simple 6-Digit PIN - Easy to remember, secure encryption
✅ 95% Wallet Connection Success - vs 40% with traditional Web3
✅ Web3 Sovereignty - Social auth users get full Web3 capabilities
✅ 5x User Adoption - Dramatically improved onboarding
Implementation:
// features/wallet/services/ensure-wallet.ts
👥 Role-Based Access Control
5-Tier Hierarchy
Role Definitions
5. PIN Security System (Revolutionary) Web3 Without Seed Phrases
❌ No Seed Phrases Required - Users authenticate with Google/Apple
✅ Simple 6-Digit PIN - Easy to remember, secure encryption
✅ 95% Wallet Connection Success - vs 40% with traditional Web3
✅ Web3 Sovereignty - Social auth users get full Web3 capabilities
✅ 5x User Adoption - Dramatically improved onboarding
Implementation:
// features/wallet/services/ensure-wallet.ts
👥 Role-Based Access Control
5-Tier Hierarchy
Role Definitions Role Level Access Use Cases VISITOR 0 Public content, browse entities/opportunities Unauthenticated users, general public SUBSCRIBER 1 Create opportunities, basic messaging, view profiles Free registered users MEMBER 2 Create entities, vendor features, NFT marketplace Paid tier ($29/month), businesses CONFIDENTIAL 3 Access confidential entities/opportunities, enhanced features Verified organizations, trusted partners ADMIN 4 Full system access, user management, analytics Platform administrators
Role Level Access Use Cases VISITOR 0 Public content, browse entities/opportunities Unauthenticated users, general public SUBSCRIBER 1 Create opportunities, basic messaging, view profiles Free registered users MEMBER 2 Create entities, vendor features, NFT marketplace Paid tier ($29/month), businesses CONFIDENTIAL 3 Access confidential entities/opportunities, enhanced features Verified organizations, trusted partners ADMIN 4 Full system access, user management, analytics Platform administrators
Role Level Access Use Cases VISITOR 0 Public content, browse entities/opportunities Unauthenticated users, general public SUBSCRIBER 1 Create opportunities, basic messaging, view profiles Free registered users MEMBER 2 Create entities, vendor features, NFT marketplace Paid tier ($29/month), businesses CONFIDENTIAL 3 Access confidential entities/opportunities, enhanced features Verified organizations, trusted partners ADMIN 4 Full system access, user management, analytics Platform administrators
Role Upgrade Flow // features/auth/services/upgrade-user-role.ts
Role Upgrade Flow // features/auth/services/upgrade-user-role.ts
Role Upgrade Flow // features/auth/services/upgrade-user-role.ts
export async function upgradeUserRole ( userId : string , newRole : UserRole , paymentReference ?: string ) : Promise < void > { // Validate role hierarchy const currentRole = await getUserRole ( userId ) if ( getRoleLevel ( newRole ) export async function upgradeUserRole ( userId : string , newRole : UserRole , paymentReference ?: string ) : Promise < void > { // Validate role hierarchy const currentRole = await getUserRole ( userId ) if ( getRoleLevel ( newRole ) export async function upgradeUserRole ( userId : string , newRole : UserRole , paymentReference ?: string ) : Promise < void > { // Validate role hierarchy const currentRole = await getUserRole ( userId ) if ( getRoleLevel ( newRole )
🗄️ Multi-Backend Architecture
Database Adapter Selection
Adapter Implementation // lib/auth-adapter-singleton.ts
🔒 Security Features
Email Account Linking Automatic account linking for same email across providers:
GoogleProvider({
typescript
KYC (Know Your Customer) Integration Document upload with Vercel Blob storage:
// features/auth/components/kyc-upload.tsx
GDPR/CCPA Compliance 30-day grace period account deletion:
🛠️ Implementation Examples
Server-Side Authentication
Client-Side Authentication
Role-Based Access Control
🗄️ Multi-Backend Architecture
Database Adapter Selection
Adapter Implementation // lib/auth-adapter-singleton.ts
🔒 Security Features
Email Account Linking Automatic account linking for same email across providers:
GoogleProvider({
typescript
KYC (Know Your Customer) Integration Document upload with Vercel Blob storage:
// features/auth/components/kyc-upload.tsx
GDPR/CCPA Compliance 30-day grace period account deletion:
🛠️ Implementation Examples
Server-Side Authentication
Client-Side Authentication
Role-Based Access Control
🗄️ Multi-Backend Architecture
Database Adapter Selection
Adapter Implementation // lib/auth-adapter-singleton.ts
🔒 Security Features
Email Account Linking Automatic account linking for same email across providers:
GoogleProvider({
typescript
KYC (Know Your Customer) Integration Document upload with Vercel Blob storage:
// features/auth/components/kyc-upload.tsx
GDPR/CCPA Compliance 30-day grace period account deletion:
🛠️ Implementation Examples
Server-Side Authentication
Client-Side Authentication
Role-Based Access Control
📊 Performance Metrics
📊 Performance Metrics
📊 Performance Metrics Metric Value Industry Standard Google OAuth Login <500ms2-3s GIS One Tap Login <300msN/A Magic Link Send <200ms500ms-1s Wallet Connection Success 95% 40% Session Creation <100ms200-500ms PIN Setup Completion 87% N/A Email Linking Success 100% Manual process
Metric Value Industry Standard Google OAuth Login <500ms2-3s GIS One Tap Login <300msN/A Magic Link Send <200ms500ms-1s Wallet Connection Success 95% 40% Session Creation <100ms200-500ms PIN Setup Completion 87% N/A Email Linking Success 100% Manual process
Metric Value Industry Standard Google OAuth Login <500ms2-3s GIS One Tap Login <300msN/A Magic Link Send <200ms500ms-1s Wallet Connection Success 95% 40% Session Creation <100ms200-500ms PIN Setup Completion 87% N/A Email Linking Success 100% Manual process
🔧 Configuration Reference
Environment Variables Auth.js Core Google OAuth Apple Sign-In Magic Links WalletConnect Firebase (if using firebase-full mode) Database Backend Mode
🚀 Next Steps
For Ringdom. For the Light. For Secure Authentication.
🔐 Perfect authentication. Perfect security. Perfect user experience. 🔥
<=
getRoleLevel
(
currentRole
))
{
🔧 Configuration Reference
Environment Variables Auth.js Core Google OAuth Apple Sign-In Magic Links WalletConnect Firebase (if using firebase-full mode) Database Backend Mode
🚀 Next Steps
For Ringdom. For the Light. For Secure Authentication.
🔐 Perfect authentication. Perfect security. Perfect user experience. 🔥
<=
getRoleLevel
(
currentRole
))
{
🔧 Configuration Reference
Environment Variables Auth.js Core Google OAuth Apple Sign-In Magic Links WalletConnect Firebase (if using firebase-full mode) Database Backend Mode
🚀 Next Steps
For Ringdom. For the Light. For Secure Authentication.
🔐 Perfect authentication. Perfect security. Perfect user experience. 🔥
<=
getRoleLevel
(
currentRole
))
{
throw new Error ( ' Cannot downgrade or lateral move ' )
}
// Update user role
throw new Error ( ' Cannot downgrade or lateral move ' )
}
// Update user role
throw new Error ( ' Cannot downgrade or lateral move ' )
}
// Update user role
await db . update ( ' users ' , userId , { role : newRole } )
await db . update ( ' users ' , userId , { role : newRole } )
await db . update ( ' users ' , userId , { role : newRole } )
// Audit log
await createAuditLog ( {
userId ,
action : ' role_upgrade ' ,
from : currentRole ,
to : newRole ,
paymentReference ,
timestamp : new Date ()
} )
// Audit log
await createAuditLog ( {
userId ,
action : ' role_upgrade ' ,
from : currentRole ,
to : newRole ,
paymentReference ,
timestamp : new Date ()
} )
// Audit log
await createAuditLog ( {
userId ,
action : ' role_upgrade ' ,
from : currentRole ,
to : newRole ,
paymentReference ,
timestamp : new Date ()
} )
// Notify user
await sendNotification ( userId , {
type : ' role_upgrade ' ,
title : ` Upgraded to ${ newRole } ` ,
message : ` Your account has been upgraded. New features unlocked! `
} )
}
// Notify user
await sendNotification ( userId , {
type : ' role_upgrade ' ,
title : ` Upgraded to ${ newRole } ` ,
message : ` Your account has been upgraded. New features unlocked! `
} )
}
// Notify user
await sendNotification ( userId , {
type : ' role_upgrade ' ,
title : ` Upgraded to ${ newRole } ` ,
message : ` Your account has been upgraded. New features unlocked! `
} )
}
