# Audit Logging Configuration

Configure audit logging to track all authentication activities and security events.

### Event Types

```javascript
const auditEvents = [
  'auth.login',
  'auth.logout',
  'auth.failed_login',
  'user.created',
  'user.deleted',
  'password.reset',
  'mfa.enabled',
  'permission.changed'
];
```

### Log Structure

```json
{
  "timestamp": "2024-01-10T15:30:00Z",
  "event": "auth.login",
  "actor": {
    "id": "user_123",
    "ip": "192.168.1.1",
    "userAgent": "Mozilla/5.0..."
  },
  "resource": {
    "type": "user",
    "id": "user_123"
  },
  "metadata": {
    "mfaUsed": true,
    "provider": "password"
  }
}
```

Timestamps are UTC in ISO 8601. Keep `metadata` free of secrets: credentials, session tokens and one-time codes must never be written to the audit log.

### Retention Policy

```yaml
auditLogs:
  retention:
    default: 365         # days
    securityEvents: 730
    compliance: 2555     # 7 years
```

### Query API

```javascript
const logs = await auth.audit.query({
  event: 'auth.login',
  actor: 'user_123',
  dateRange: {
    start: '2024-01-01',
    end: '2024-01-31'
  }
});
```

For compliance reporting and advanced analytics, see our enterprise documentation.

# API Reference: Authentication Endpoints

Complete reference for the authentication API endpoints, with request/response formats and examples.

### POST /auth/token

Exchange credentials for an access token.

**Request:**

```json
{
  "grant_type": "password",
  "username": "user@example.com",
  "password": "secure123",
  "scope": "openid profile email"
}
```

The password grant hands the user's credentials to your application, so it is only appropriate for trusted first-party backends; the OAuth 2.0 Security Best Current Practice advises against it. Browser and mobile clients should use the authorization code flow with PKCE instead.

**Response:**

```json
{
  "access_token": "eyJhbG...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "8xLOx...",
  "scope": "openid profile email"
}
```

### POST /auth/refresh

Refresh the access token using the refresh token, sent as the bearer credential.

**Headers:**

```text
Authorization: Bearer
```

**Response:**

```json
{
  "access_token": "eyJhbG...",
  "expires_in": 3600
}
```

See the error codes section for detailed error responses.

# Branding and UI Customization

Customize the authentication UI to provide a seamless branded experience.
### Basic Branding

```json
{
  "branding": {
    "logo": "https://yourcompany.com/logo.png",
    "favicon": "https://yourcompany.com/favicon.ico",
    "colors": {
      "primary": "#007bff",
      "secondary": "#6c757d",
      "background": "#ffffff",
      "text": "#333333"
    },
    "font": {
      "family": "Inter, sans-serif",
      "url": "https://fonts.googleapis.com/css2?family=Inter"
    }
  }
}
```

Serve the logo, favicon and font stylesheet over HTTPS from hosts you control or trust: they are loaded into the login page, so they belong in its content security policy.

### Custom CSS

```css
.auth-container {
  border-radius: 12px;
  box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
}

.auth-button {
  background: var(--primary-color);
  transition: all 0.3s ease;
}

.auth-button:hover {
  transform: translateY(-2px);
}
```

### Email Templates

Template variables such as `{{companyName}}` are substituted into HTML, so any value that a tenant or user can set must be HTML-escaped by the template engine before it is rendered.

```html
Logo

Welcome to {{companyName}}

Please verify your email address.

```

### Advanced Customization

```javascript
auth.customize({
  theme: 'dark',
  components: {
    loginButton: CustomLoginButton,
    signupForm: CustomSignupForm
  },
  hooks: {
    beforeRender: (context) => {
      // Custom logic
    }
  }
});
```

For white-labeling options, see our enterprise customization guide.

# Custom Domain Configuration

Set up custom domains to provide branded authentication experiences.

### DNS Configuration

Add the following records to your DNS:

```text
Type   Host          Value
CNAME  auth          verify.authcompany.com
TXT    _verify.auth  verification-token-123
```

### SSL Certificate Setup

```yaml
domain:
  name: auth.yourcompany.com
  ssl:
    autoProvision: true
    provider: letsencrypt
```

### Verification Process

```javascript
const domainSetup = await auth.domains.create({
  domain: 'auth.yourcompany.com',
  verifyOwnership: true
});

console.log(domainSetup.verificationToken);
```

### Nginx Configuration

```nginx
server {
    # Without "ssl" on the listen directive the certificate below is never used.
    listen 443 ssl;
    server_name auth.yourcompany.com;

    ssl_certificate     /etc/ssl/certs/auth.yourcompany.com.crt;
    ssl_certificate_key /etc/ssl/private/auth.yourcompany.com.key;

    location / {
        proxy_pass http://auth-backend;
        proxy_set_header Host $host;
        # nginx is the first hop here, so discard any X-Forwarded-* headers the
        # client sent instead of appending to them; the backend must only ever
        # see values this proxy set.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

For wildcard certificates and advanced setups, see our enterprise guide.

# JavaScript SDK Reference

Comprehensive reference for the JavaScript SDK with TypeScript support.

### Installation

```bash
npm install @authcompany/js-sdk
```

### Initialization

The constructor accepts the following options (shown here as a TypeScript interface for reference):

```typescript
import { AuthClient } from '@authcompany/js-sdk';

interface AuthClientOptions {
  clientId: string;
  domain: string;
  redirectUri?: string;
  audience?: string;
  scope?: string;
}

const auth = new AuthClient({
  clientId: 'YOUR_CLIENT_ID',
  domain: 'your-tenant.auth.com',
  redirectUri: window.location.origin + '/callback'
});
```

### Core Methods

#### loginWithRedirect()

Initiates the login flow with a redirect. Options:

```typescript
interface RedirectLoginOptions {
  appState?: any;
  loginHint?: string;
}

await auth.loginWithRedirect({ loginHint: 'user@example.com' });
```

#### getUser()

Retrieves the authenticated user's profile.

```typescript
const user = await auth.getUser();
// Returns: User | null
```

#### handleRedirectCallback()

Processes the authentication callback. Call it on the page served at `redirectUri`. The code and `state` in the callback URL are only valid for the browser session that started the flow; a `state` that does not match the stored value means the callback was not initiated by your app and must be rejected.

```typescript
const result = await auth.handleRedirectCallback();
// Returns: { appState?: any }
```

### Events

```typescript
auth.on('authenticated', (user) => {
  console.log('User logged in:', user);
});
```

For advanced usage and configuration, see our advanced guides.

# Multi-Tenancy Setup Guide

Configure multi-tenant authentication for SaaS applications with proper isolation and customization.

### Tenant Configuration

```json
{
  "tenant": {
    "id": "tenant-123",
    "name": "Acme Corp",
    "domain": "acme.auth.com",
    "settings": {
      "branding": {
        "logo": "https://...",
        "colors": {
          "primary": "#007bff"
        }
      }
    }
  }
}
```

### Data Isolation

Each tenant has isolated:

- User database
- Configuration
- Audit logs
- API keys

### Custom Domains

The tenant is derived from the first label of the requested host. Only the value computed by the proxy reaches the backend: `proxy_set_header` replaces any `X-Tenant-ID` a client sends.

```nginx
map $host $tenant_id {
    ~^(?<sub>[a-z0-9-]+)\.auth\.com$ $sub;
    default "";
}

server {
    server_name *.auth.com;

    location / {
        proxy_pass http://auth-service;
        proxy_set_header X-Tenant-ID $tenant_id;
    }
}
```

### Tenant Resolution

```javascript
const tenant = await resolveTenant({
  domain: req.hostname,
  apiKey: req.headers['x-api-key']
});
```

Resolve the tenant from the request host (or from the `X-Tenant-ID` the proxy set), never from a header the client can write. When an API key is presented, look the tenant up by the key and reject the request if it does not match the host's tenant; otherwise a key issued to one tenant could be used against another.

For advanced configurations, see our enterprise documentation.

# Password Policy Configuration

Configure password policies to enforce strong authentication security standards.
### Basic Policy Configuration

```json
{
  "passwordPolicy": {
    "minLength": 12,
    "requireUppercase": true,
    "requireLowercase": true,
    "requireNumbers": true,
    "requireSpecialChars": true,
    "maxLength": 128
  }
}
```

Keep `maxLength` generous so that passphrases are not rejected, and check what the hashing function actually consumes: bcrypt silently ignores everything after the first 72 bytes, so a 128-character limit only adds strength if the hashing scheme keeps the whole string.

### Advanced Rules

```javascript
const advancedPolicy = {
  preventCommonPasswords: true,
  preventUserInfo: true,
  minUniqueChars: 5,
  preventRepeatingChars: 3,
  preventSequentialChars: 3
};
```

### Password History

```yaml
passwordHistory:
  enabled: true
  rememberCount: 5
  minimumAgeDays: 1
```

### Expiration Policy

```javascript
const expirationPolicy = {
  enabled: true,
  expirationDays: 90,
  warningDays: 14,
  gracePeriodDays: 7
};
```

Treat expiration as a compliance setting rather than a security one. NIST SP 800-63B recommends against forced periodic rotation and against composition rules, because both push users toward predictable patterns, and favours length plus screening against breached-password lists; force a reset when there is evidence of compromise.

### Breach Detection

```javascript
auth.passwordPolicy.enableBreachDetection({
  checkAgainstLeaks: true,
  autoForceReset: true,
  notifyUser: true
});
```

For custom validation rules and enterprise policies, see our security guide.

# Quick Start Guide

This guide will help you integrate our authentication solution into your application in minutes. We'll cover installation, basic configuration, and your first authentication flow.

### Prerequisites

- Node.js 14+ or Python 3.8+
- npm or yarn
- An account on our platform

### Step 1: Installation

```bash
npm install @authcompany/sdk
# or
yarn add @authcompany/sdk
```

### Step 2: Initialize the SDK

```javascript
import { AuthClient } from '@authcompany/sdk';

const auth = new AuthClient({
  clientId: 'YOUR_CLIENT_ID',
  domain: 'your-tenant.auth.com'
});
```

### Step 3: Implement Login

```javascript
auth.loginWithRedirect({
  redirectUri: window.location.origin + '/callback'
});
```

The `redirectUri` must exactly match one of the callback URLs registered for the client. The authorization server rejects anything else, which is what stops an attacker from having authorization codes sent to a host they control.

You're now ready to authenticate users! Check our detailed guides for advanced features.

# Rate Limiting Configuration

Protect your authentication endpoints with configurable rate limiting rules.
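The limiter below is an added example, not the platform's own rate limiter. It applies a sliding window per client IP and a second, looser window per target account (so that a password spray spread across many addresses is still caught), and it derives the client IP only from proxies it trusts, walking `X-Forwarded-For` from the right so that a client-supplied entry is never honoured. The trusted-proxy list, the limits and the request objects are constructed for the example.

```javascript
// Added example, not the platform's limiter: a sliding-window limiter keyed both
// by client IP and by target account, with the client IP taken only from
// proxies we trust. Proxy list, limits and request objects are assumptions.
class SlidingWindowLimiter {
  constructor({ windowMs, max }) {
    this.windowMs = windowMs;
    this.max = max;
    this.hits = new Map(); // key -> ascending list of hit timestamps (ms)
  }

  // Records a hit for `key` at time `now` unless the window is already full.
  check(key, now) {
    const cutoff = now - this.windowMs;
    const recent = (this.hits.get(key) || []).filter((t) => t > cutoff);
    if (recent.length >= this.max) {
      this.hits.set(key, recent);
      // The oldest hit still inside the window decides when the next one is allowed.
      return { allowed: false, remaining: 0, retryAfterMs: recent[0] + this.windowMs - now };
    }
    recent.push(now);
    this.hits.set(key, recent);
    return { allowed: true, remaining: this.max - recent.length, retryAfterMs: 0 };
  }
}

// Only these peers may tell us who the real client is (assumption for the demo).
const TRUSTED_PROXIES = new Set(['10.0.0.5']);

// Walk X-Forwarded-For from the right: the first address that is not one of our
// own proxies is the client. Anything further left was supplied by the client.
// A connection that does not come from a trusted proxy ignores the header.
function clientIp(req) {
  const peer = req.socket.remoteAddress;
  const xff = req.headers['x-forwarded-for'];
  if (!xff || !TRUSTED_PROXIES.has(peer)) return peer;
  const hops = xff.split(',').map((s) => s.trim()).filter(Boolean);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!TRUSTED_PROXIES.has(hops[i])) return hops[i];
  }
  return peer;
}

const ipLimiter = new SlidingWindowLimiter({ windowMs: 15 * 60 * 1000, max: 5 });
// Looser per-account limit: catches spraying spread over many IPs without letting
// one attacker lock a victim out with a handful of attempts.
const accountLimiter = new SlidingWindowLimiter({ windowMs: 15 * 60 * 1000, max: 10 });

function tooMany(retryAfterMs) {
  return {
    status: 429,
    headers: { 'Retry-After': String(Math.ceil(retryAfterMs / 1000)) },
    body: { error: 'Too many requests' },
  };
}

// Decision the login endpoint makes before it touches any credential.
function checkLogin(req, now = Date.now()) {
  const account = String(req.body.username || '').trim().toLowerCase();
  const byIp = ipLimiter.check(`ip:${clientIp(req)}`, now);
  if (!byIp.allowed) return tooMany(byIp.retryAfterMs);
  const byAccount = accountLimiter.check(`acct:${account}`, now);
  if (!byAccount.allowed) return tooMany(byAccount.retryAfterMs);
  return { status: 200, headers: {} };
}

// Constructed request objects standing in for Node's IncomingMessage.
function makeRequest({ peer, forwardedFor, username }) {
  return {
    socket: { remoteAddress: peer },
    headers: forwardedFor ? { 'x-forwarded-for': forwardedFor } : {},
    body: { username },
  };
}

module.exports = { SlidingWindowLimiter, clientIp, checkLogin, makeRequest };
```

The `Map` of timestamps is per process; the same logic works unchanged against a shared store such as Redis, which is what is needed once more than one instance serves the endpoint.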
### Basic Configuration

```yaml
rateLimits:
  login:
    windowMs: 900000    # 15 minutes
    max: 5              # limit each IP to 5 requests per windowMs
  register:
    windowMs: 3600000   # 1 hour
    max: 3
  passwordReset:
    windowMs: 3600000
    max: 3
```

### Custom Rules

```javascript
const customLimiter = rateLimit({
  keyGenerator: (req) => {
    return req.headers['x-api-key'] || req.ip;
  },
  handler: (req, res) => {
    res.status(429).json({
      error: 'Too many requests',
      retryAfter: 60
    });
  }
});
```

Two caveats on the key. `x-api-key` is chosen by the caller, so key on it only after it has been validated; otherwise every made-up key gets a fresh quota. `req.ip` is only the real client address when Express's `trust proxy` setting names exactly the proxies in front of the app: with no proxy it should stay off, and with `trust proxy` set to `true` any client can pick its own address through `X-Forwarded-For`.

### Redis-Based Rate Limiting

```javascript
const redisStore = new RedisStore({
  client: redisClient,
  prefix: 'rl:'
});

const limiter = rateLimit({
  store: redisStore,
  windowMs: 15 * 60 * 1000,
  max: 100
});
```

A shared store is required as soon as more than one instance serves the endpoints; an in-memory counter is per process, so N instances multiply the effective limit by N.

### Bypass Rules

```javascript
const bypassList = ['trusted-ip-1', 'trusted-ip-2'];

if (bypassList.includes(req.ip)) {
  return next();
}
```

Keep the bypass list short and specific, and only use it if `req.ip` cannot be spoofed (see the note on `trust proxy` above): a bypass keyed on a forgeable address turns the limiter off for everyone.

For distributed rate limiting, see our scaling guide.

# Role-Based Access Control (RBAC) Implementation

Configure role-based access control to manage user permissions effectively.

### Role Definition

```json
{
  "role": {
    "name": "admin",
    "description": "Full system access",
    "permissions": [
      "users:read",
      "users:write",
      "users:delete",
      "settings:manage"
    ]
  }
}
```

### Role Assignment

```javascript
await auth.users.assignRoles(userId, ['admin', 'editor']);
```

### Permission Checking

```javascript
const canEdit = await auth.hasPermission(user, 'posts:edit');

if (!canEdit) {
  throw new ForbiddenError();
}
```

### Role Hierarchies

```yaml
roles:
  superadmin:
    inherits: [admin]
    permissions: [system:manage]
  admin:
    inherits: [editor]
    permissions: [users:manage]
  editor:
    permissions: [content:edit]
```

A role's effective permission set is the union of its own permissions and those of every role it transitively inherits. Resolve inheritance server-side when the definitions are loaded, and reject definitions that form a cycle.

For complex permission scenarios, see our advanced RBAC guide.

# Security Best Practices

Follow these security best practices to ensure your authentication implementation is secure.
### Token Storage

- Never store tokens in `localStorage`: any script that runs on the page can read it
- Use `HttpOnly` cookies when possible
- Implement secure token refresh flows, with refresh token rotation

### PKCE Implementation

Always use PKCE for public clients (the OAuth 2.0 Security Best Current Practice recommends it for confidential clients as well):

```javascript
// Helpers assumed: generateRandomString, sha256 (returns the raw digest), base64url.
// code_verifier: 43-128 characters from the set [A-Za-z0-9-._~], from a CSPRNG
const codeVerifier = generateRandomString();
// code_challenge: base64url(SHA-256(code_verifier)) without '=' padding,
// not the raw digest
const codeChallenge = base64url(await sha256(codeVerifier));

auth.loginWithRedirect({
  code_challenge: codeChallenge,
  code_challenge_method: 'S256'
});
```

### API Security

- Always use HTTPS
- Validate tokens on every request: signature, expiry, issuer and audience
- Implement rate limiting

### XSS Prevention

```javascript
import DOMPurify from 'dompurify';

// Sanitize untrusted HTML before it reaches the DOM
const sanitized = DOMPurify.sanitize(userInput);
element.innerHTML = sanitized;
```

Where the value is plain text, assign it with `textContent` and skip the sanitizer altogether.

### CSRF Protection

- Use `SameSite` cookies
- Implement CSRF tokens
- Validate `Origin` headers

Regular security audits and penetration testing are recommended.

# Self-Hosting Guide

This guide covers deploying our open source authentication platform in your infrastructure.

### System Requirements

- Docker 20.10+
- PostgreSQL 14+
- Redis 6+
- 2 CPU cores, 4GB RAM minimum

### Docker Deployment

```yaml
version: '3.8'
services:
  auth-server:
    image: authcompany/server:latest
    environment:
      - DATABASE_URL=postgres://user:pass@db:5432/auth
      - REDIS_URL=redis://redis:6379
    ports:
      - "8080:8080"
    depends_on:
      - db
      - redis
```

Move real credentials out of the compose file into an `env_file` or Docker secrets, pin the image to a specific version instead of `latest`, and bind the port to the reverse proxy's interface (for example `"127.0.0.1:8080:8080"`) rather than exposing it on every interface.

### Configuration

Create `config.yaml`:

```yaml
server:
  port: 8080
  host: 0.0.0.0
database:
  pool_size: 20
security:
  jwt_secret: "your-secret-key"
```

`jwt_secret` signs every token the server issues: generate at least 32 random bytes for it, inject it from the environment or a secrets manager rather than the file, never commit it, and rotate it if it is ever exposed.

### Backup & Recovery

Regular backups are essential. Use our backup script:

```bash
./scripts/backup.sh --full
```

Backups contain password hashes and signing material; encrypt them and restrict who can read them.

For detailed configuration options, see our configuration reference.

# OAuth Provider Configuration

Integrate popular OAuth providers to enable social login in your applications.

### Google OAuth Setup

1. Create a project in Google Cloud Console
2. Configure the OAuth consent screen
3. Create credentials

```javascript
const googleConfig = {
  clientId: 'your-client-id.apps.googleusercontent.com',
  clientSecret: 'your-client-secret',
  scopes: ['email', 'profile'],
  callbackUrl: 'https://your-app.com/callback/google'
};
```

### GitHub OAuth Setup

```javascript
const githubConfig = {
  clientId: 'Iv1.xxx',
  clientSecret: 'xxx',
  scopes: ['user:email', 'read:user'],
  callbackUrl: 'https://your-app.com/callback/github'
};
```

### Microsoft OAuth Setup

```javascript
const microsoftConfig = {
  clientId: 'your-app-id',
  clientSecret: 'your-secret',
  tenant: 'common',
  scopes: ['User.Read', 'email'],
  callbackUrl: 'https://your-app.com/callback/microsoft'
};
```

### Implementation

```javascript
auth.configure({
  providers: {
    google: googleConfig,
    github: githubConfig,
    microsoft: microsoftConfig
  }
});
```

Load each `clientSecret` from the environment rather than the source file, and register the exact `callbackUrl` with the provider: it is the only address the provider will send authorization codes to.

For custom OAuth providers, see our advanced integration guide.

# Webhook Configuration Guide

Set up webhooks to receive real-time notifications for authentication events.

### Available Events

- `user.created`
- `user.login`
- `user.logout`
- `user.password_reset`
- `security.alert`

### Webhook Configuration

```json
{
  "url": "https://your-api.com/webhooks",
  "events": ["user.login", "user.logout"],
  "secret": "your-webhook-secret",
  "headers": {
    "X-Custom-Header": "value"
  }
}
```

### Payload Structure

```json
{
  "event": "user.login",
  "timestamp": "2024-02-05T10:00:00Z",
  "data": {
    "user_id": "usr_123",
    "ip_address": "192.168.1.1",
    "user_agent": "Mozilla/5.0..."
  }
}
```

### Security

Verify webhook signatures before acting on a payload:

```javascript
const crypto = require('crypto');
const signature = String(req.headers['x-webhook-signature'] || '');
const payload = req.rawBody; // unparsed bytes; re-serialised JSON will not verify
// Assumes a hex HMAC-SHA256 over the raw body; compare in constant time, never with ===
const expected = crypto.createHmac('sha256', secret).update(payload).digest('hex');
const isValid = expected.length === signature.length && crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
```

The signing scheme above (hex HMAC-SHA256 over the raw body) is the common one; use whichever scheme is documented for your endpoint. Compute it over the raw bytes of the request, not over a re-serialised object, and reject deliveries whose `timestamp` is more than a few minutes old so that a captured request cannot be replayed.

For retry policies and error handling, see our integration guide.

# Comprehensive Comparison: Our Authentication Platform vs Auth0

This comprehensive comparison helps you understand the key differences between our authentication platform and Auth0, enabling you to make an informed decision for your project.
### Feature Comparison | Feature | Our Platform | Auth0 | | ------------------ | ------------------------ | ------------------- | | Open Source Option | ✅ Full OSS version | ❌ Proprietary only | | Self-Hosting | ✅ Complete control | ❌ Limited options | | Pricing Model | Usage-based, transparent | Complex tier system | | Custom Domains | ✅ Unlimited | Limited by plan | | API Rate Limits | Generous, customizable | Strict limits | | Data Residency | ✅ Your choice | Limited regions | ### Deployment Options #### Our Platform - Self-hosted: Complete control over infrastructure - Cloud: Multi-region deployment - Hybrid: Mix of self-hosted and cloud - Edge: Deploy authentication at the edge #### Auth0 - Cloud-only for most features - Private cloud (enterprise only) - Limited self-hosting capabilities ### Developer Experience #### SDK and Integration ```javascript // Our SDK - Simple, intuitive import { AuthClient } from '@ourcompany/auth'; const auth = new AuthClient({ domain: 'your-domain.com', clientId: 'your-client-id' }); // Auth0 - More configuration required import { Auth0Client } from '@auth0/auth0-spa-js'; const auth0 = new Auth0Client({ domain: 'your-tenant.auth0.com', client_id: 'your-client-id', cacheLocation: 'localstorage', useRefreshTokens: true }); ``` ### Customization Capabilities #### Our Platform - Full UI customization with CSS/JS - Custom authentication flows - Extensible via plugins - White-labeling included #### Auth0 - Limited UI customization - Rules engine (being deprecated) - Actions (limited flexibility) - White-labeling (enterprise only) ### Pricing Comparison #### Our Platform - **Free Tier**: Up to 10,000 MAU - **Pro**: $0.005 per MAU - **Enterprise**: Custom pricing - **Self-hosted**: Free (OSS) #### Auth0 - **Free Tier**: Up to 7,000 MAU - **Essential**: $23/month + $0.013 per MAU - **Professional**: $240/month + fees - **Enterprise**: Quote-based ### Security Features Both platforms offer: - MFA support - SSO capabilities - Passwordless 
options - Compliance certifications Our advantages: - Zero-trust architecture built-in - Advanced threat detection - Custom security policies - Full audit trail access ### Migration Support We provide: - Automated migration tools - Zero-downtime migration - Data mapping assistance - Dedicated migration support ### Conclusion While Auth0 is a mature platform, our solution offers better flexibility, transparent pricing, and the freedom of open-source deployment. Choose our platform if you need: - Complete control over your auth infrastructure - Predictable, scalable pricing - Advanced customization options - Option to self-host # Billing and Subscription Management ## Billing and Subscription Management This guide covers everything you need to know about managing your billing, subscriptions, and payment information for your Authoh account. ### Understanding Billing Plans #### Available Plans Authoh offers several pricing tiers to match your needs: - **Free**: Limited features for testing and development - **Starter**: For small teams and projects (up to 1,000 monthly active users) - **Growth**: For growing applications (up to 10,000 monthly active users) - **Scale**: For larger applications (up to 100,000 monthly active users) - **Enterprise**: Custom solutions for large organizations Each plan includes different feature sets and usage limits. For the most current pricing, visit our [pricing page](https://trywilder.com/pricing). #### How Billing Works Authoh bills based on: 1. Your base subscription tier 2. Monthly active users (MAU) 3. Additional features enabled 4. Usage beyond included limits For usage-based features, we bill at the end of each billing cycle based on your actual usage. ### Managing Your Subscription #### Viewing Current Plan & Usage To see your current plan and usage metrics: 1. Go to **Dashboard > Settings > Billing** 2. View your current plan details 3. Check usage metrics for the current billing period 4. 
See estimated costs based on current usage trends #### Upgrading Your Plan When your needs grow: 1. Navigate to **Dashboard > Settings > Billing** 2. Click **Upgrade Plan** 3. Select your new plan 4. Review the changes in features and pricing 5. Confirm the upgrade Your new plan will be effective immediately, and you'll be billed prorated charges for the remainder of your current billing cycle. #### Downgrading Your Plan If you need to reduce your subscription: 1. Go to **Dashboard > Settings > Billing** 2. Click **Change Plan** 3. Select a lower tier 4. Review the changes in features and pricing 5. Confirm the downgrade Downgrades typically take effect at the end of your current billing cycle. ### Payment Management #### Adding Payment Methods To add a new payment method: 1. Navigate to **Dashboard > Settings > Billing > Payment Methods** 2. Click **Add Payment Method** 3. Enter your credit card information or select other payment options 4. Set as default if desired 5. Click **Save** We accept major credit cards (Visa, Mastercard, American Express) and ACH transfers for Enterprise customers. #### Updating Payment Information To update existing payment information: 1. Go to **Dashboard > Settings > Billing > Payment Methods** 2. Find the payment method you want to update 3. Click **Edit** 4. Update the information 5. Click **Save Changes** #### Setting Default Payment Method If you have multiple payment methods: 1. Go to **Dashboard > Settings > Billing > Payment Methods** 2. Find the payment method you want to set as default 3. Click the three dots (⋮) next to it 4. Select **Set as Default** ### Invoices and Receipts #### Viewing Invoices To access your billing history: 1. Navigate to **Dashboard > Settings > Billing > Invoices** 2. View a list of all past invoices 3. Click on any invoice to see detailed breakdown #### Downloading Invoices To download an invoice: 1. Go to **Dashboard > Settings > Billing > Invoices** 2. Find the invoice you want to download 3. 
Click the download icon 4. Select PDF or CSV format #### Requesting Custom Invoices For special invoice requirements: 1. Contact our billing support at 2. Specify your requirements (e.g., additional company information, PO numbers) 3. Our team will generate a custom invoice for you ### Billing Support and FAQ #### Common Billing Questions **Q: When will I be charged?** A: For monthly plans, you're charged on the same day each month. For annual plans, you're charged once per year on your subscription anniversary. **Q: How do I update my company information on invoices?** A: Go to **Dashboard > Organization > Company Profile** to update your billing information. **Q: What happens if my payment fails?** A: We'll retry the payment and notify you by email. After multiple failed attempts, your account may be restricted until payment issues are resolved. **Q: How do I cancel my subscription?** A: Go to **Dashboard > Settings > Billing > Subscription** and click **Cancel Subscription**. Your account will remain active until the end of your current billing period. #### Getting Help with Billing If you need additional assistance with billing matters: - Email: - Support Portal: [support.authoh.com/billing](https://support.authoh.com/billing){rel="nofollow"} - Phone (Enterprise customers): +1 (555) 123-4567 For enterprise customers, please contact your dedicated account manager for billing assistance. # Frequently Asked Questions ## Frequently Asked Questions Find answers to the most common questions about Authoh's authentication platform. ### General Questions #### What is Authoh? Authoh is an authentication platform that helps developers easily add secure authentication and user management to their applications. It offers features like social login, multi-factor authentication, role-based access control, and more. #### Is Authoh open source? Yes, Authoh has both open-source and cloud versions. The open-source version can be self-hosted and is free to use. 
The cloud version offers additional features, managed infrastructure, and enterprise support. #### Which platforms does Authoh support? Authoh supports web applications, mobile apps (iOS and Android), single-page applications (SPAs), and backend APIs. We provide SDKs for popular frameworks and languages including JavaScript, React, Angular, Vue, Node.js, Python, and more. ### Account & Pricing #### How much does Authoh cost? Authoh offers several pricing tiers: - **Free**: For development and small projects - **Starter**: $29/month for up to 1,000 MAU - **Growth**: $99/month for up to 10,000 MAU - **Scale**: $249/month for up to 100,000 MAU - **Enterprise**: Custom pricing for large-scale needs Visit our [pricing page](https://trywilder.com/pricing) for the most current information. #### How do you count Monthly Active Users (MAU)? We count unique users who authenticate through your Authoh instance within a calendar month. A user is counted only once per month, regardless of how many times they log in or how many applications they access. #### Can I change my plan at any time? Yes, you can upgrade or downgrade your plan at any time. Upgrades take effect immediately, while downgrades take effect at the end of your current billing cycle. #### Do you offer a free trial? Yes, we offer a 14-day free trial of all paid plans with no credit card required. You can try all features before committing to a paid plan. ### Security #### Is Authoh GDPR-compliant? Yes, Authoh is designed with GDPR compliance in mind. We provide tools for data export, user consent management, and data deletion to help you meet GDPR requirements. #### Does Authoh support Multi-Factor Authentication (MFA)? Yes, Authoh supports various MFA methods including: - Authenticator apps (TOTP) - SMS verification - Email codes - WebAuthn/FIDO2 (biometric and security keys) - Push notifications (Enterprise plan) #### How does Authoh handle data security? 
Authoh implements industry best practices for security:

- All data is encrypted at rest and in transit
- Passwords are hashed using bcrypt
- Token-based authentication with short expiration times
- Regular security audits and penetration testing
- Automatic security updates for cloud customers

#### Can I use my own custom domain?

Yes, all paid plans support custom domains with SSL certificates. This allows you to use domains like `auth.yourdomain.com` for a seamless brand experience.

### Technical Questions

#### What authentication protocols does Authoh support?

Authoh supports modern authentication protocols including:

- OAuth 2.0
- OpenID Connect
- SAML 2.0 (Enterprise plan)
- JWT-based authentication
- Social login protocols

#### Can I migrate from Auth0/Firebase/Okta?

Yes, we provide migration tools and guides for moving from other authentication providers. Our migration wizard helps you transfer users, roles, and settings with minimal disruption.

#### How can I integrate Authoh with my application?

Integration is simple with our SDKs:

```javascript
// Example: JavaScript SDK integration
import { AuthClient } from '@authoh/sdk';

const auth = new AuthClient({
  domain: 'your-project.authoh.com',
  clientId: 'YOUR_CLIENT_ID'
});

// Login with redirect
auth.loginWithRedirect();

// Check if user is authenticated
const isAuthenticated = await auth.isAuthenticated();

// Get user profile
const user = await auth.getUser();
```

#### Does Authoh support Single Sign-On (SSO)?

Yes, Authoh supports SSO, allowing users to access multiple applications with a single login. Enterprise plans include advanced SSO features like SAML integration and cross-domain SSO.

### Self-Hosting

#### What are the requirements for self-hosting Authoh?

To self-host the open-source version, you'll need:

- Docker or Kubernetes environment
- PostgreSQL database
- Redis (for session management)
- Node.js runtime
- Minimum 2GB RAM and 1 CPU core

Detailed requirements are available in our [self-hosting documentation](https://trywilder.com/docs/self-hosting).

#### Can I get support for the self-hosted version?

Yes, we offer paid support plans for self-hosted installations. These include SLA-backed support, priority bug fixes, and implementation assistance.

#### How do I upgrade my self-hosted instance?

Self-hosted instances can be upgraded through our Docker images or by pulling the latest code from our repository. We follow semantic versioning and provide detailed release notes for each version.

### Still Have Questions?

If you don't see your question answered here:

- Check our [detailed documentation](https://trywilder.com/docs)
- Browse our [community forum](https://community.authoh.com)
- [Contact our support team](https://trywilder.com/contact) for personalized assistance

# Getting Started with Authoh

## Welcome to Authoh!

This guide will help you get started with Authoh's authentication platform. We'll cover everything from creating your account to integrating authentication into your application.

### Step 1: Create Your Account

1. Go to the [Authoh Dashboard](https://dashboard.authoh.com/register)
2. Enter your email address and create a password
3. Verify your email address
4. Complete your profile information

### Step 2: Create Your First Project

Once you've logged in to your Authoh dashboard:

1. Click on "New Project" in the top-right corner
2. Enter a name for your project
3. Choose your project type (Web App, Mobile App, or API)
4. Select your preferred authentication methods

### Step 3: Configure Your Domain

For better branding and user experience:

1. Go to "Settings" > "Domains"
2. Add your custom domain (e.g., auth.yourdomain.com)
3. Follow the DNS configuration instructions
4. Verify your domain

### Step 4: Integrate with Your Application

#### Using Our SDK

Install the SDK:

```bash
npm install @authoh/sdk
```

Then initialize it in your app:

```javascript
import { AuthClient } from '@authoh/sdk';

const auth = new AuthClient({
  domain: 'your-project.authoh.com',
  clientId: 'YOUR_CLIENT_ID'
});

// Implement login
function login() {
  auth.loginWithRedirect();
}
```

### Need More Help?

- Check our [documentation](https://trywilder.com/docs) for detailed guides
- Join our [community Discord](https://discord.gg/authoh) to connect with other developers
- Contact for direct assistance

Remember, you can always reach out to our support team if you encounter any issues during the setup process.

# Managing Your Authoh Account

This guide covers how to effectively manage users, roles, and permissions in your Authoh account. Proper account management helps maintain security and ensures users have appropriate access levels.

### User Management

#### Inviting New Users

To invite team members to your Authoh organization:

1. Navigate to **Dashboard > Organization > Members**
2. Click **Invite Members**
3. Enter the email addresses of the people you want to invite
4. Select the appropriate role for each person
5. Optionally, add a personalized message
6. Click **Send Invites**

Invitees will receive an email with instructions to join your organization.

#### Managing Existing Users

To manage existing users in your organization:

1. Go to **Dashboard > Organization > Members**
2. View all active users and their roles
3. To edit a user, click the three dots (⋮) next to their name
4. From the dropdown menu, you can:
   - Change their role
   - Resend invitation (for pending users)
   - Remove from organization

#### Deactivating Users

When a team member leaves your organization:

1. Go to **Dashboard > Organization > Members**
2. Find the user you want to deactivate
3.
Click the three dots (⋮) and select **Remove** 4. Confirm the removal This revokes the user's access to your Authoh organization immediately. ### Role-Based Access Control (RBAC) #### Default Roles Authoh provides several default roles: - **Admin**: Full access to all organization settings and features - **Developer**: Can manage applications and technical configurations - **Analyst**: Read-only access to analytics and reports - **Support**: Can manage users but not organization settings #### Creating Custom Roles To create a custom role: 1. Go to **Dashboard > Organization > Roles** 2. Click **Create Role** 3. Provide a name and description for the role 4. Select the permissions you want to grant 5. Click **Create Role** #### Assigning Permissions Customize permissions for each role: 1. Go to **Dashboard > Organization > Roles** 2. Select the role you want to modify 3. In the Permissions tab, toggle features on/off 4. Categories of permissions include: - User management - Application settings - API access - Billing - Organization settings ### Organization Settings #### Updating Organization Profile 1. Navigate to **Dashboard > Organization > Settings** 2. You can update: - Organization name - Display logo - Contact information - Default language and region #### Security Settings Enhance your organization's security: 1. Go to **Dashboard > Organization > Security** 2. Configure: - Password policies - MFA requirements - Session timeout settings - IP allowlisting #### Domain Management Add and verify domains for your organization: 1. Navigate to **Dashboard > Organization > Domains** 2. Click **Add Domain** 3. Enter your domain name 4. Follow the verification steps (DNS or file upload) 5. Once verified, you can use the domain for authentication ### Billing and Subscription #### Viewing Current Plan 1. Go to **Dashboard > Organization > Billing** 2. View your current plan, usage metrics, and billing cycle #### Upgrading or Changing Plans 1. 
Navigate to **Dashboard > Organization > Billing** 2. Click **Change Plan** 3. Select the new plan that meets your needs 4. Confirm the change #### Managing Payment Methods 1. Go to **Dashboard > Organization > Billing > Payment Methods** 2. You can: - Add new payment methods - Set a default payment method - Remove outdated payment information ### Need Further Assistance? If you need help with advanced account management: - Check our [detailed documentation](https://trywilder.com/docs/account-management) - Contact our [support team](https://trywilder.com/contact) for personalized help - For enterprise customers, reach out to your dedicated account manager Our team is available to help you optimize your account structure and permissions. # Security Best Practices for Authoh ## Security Best Practices for Authoh Proper security configuration is essential for protecting your authentication infrastructure and user data. This guide covers recommended security practices for your Authoh implementation. ### Account Security #### Enable Multi-Factor Authentication (MFA) Require MFA for all administrators and team members: 1. Go to **Dashboard > Organization > Security** 2. Enable **Require MFA for all organization members** 3. Choose which MFA methods to allow: - Authenticator apps (recommended) - SMS verification - Email codes - WebAuthn/security keys (most secure) #### Implement Strong Password Policies Enforce strong passwords for your users: 1. Navigate to **Dashboard > Security > Password Policy** 2. Configure the following settings: - Minimum password length: 12 characters (recommended) - Require uppercase, lowercase, numbers, and special characters - Enable dictionary-based weak password detection - Set password expiration (if required by your security policy) - Prevent password reuse #### Manage API Keys Securely Protect your API keys and secrets: 1. Use separate API keys for different environments (development, staging, production) 2. 
2. Rotate API keys regularly (at least every 90 days)
3. Never commit API keys to source code repositories
4. Use environment variables or secrets management solutions
5. Enable key rotation notifications

Example secure API key storage:

```javascript
// INCORRECT - Keys in source code
const authohClient = new AuthohClient({
  clientId: 'abc123456789',
  clientSecret: 'verysecretvalue'
});

// CORRECT - Keys in environment variables
const authohClient = new AuthohClient({
  clientId: process.env.AUTHOH_CLIENT_ID,
  clientSecret: process.env.AUTHOH_CLIENT_SECRET
});
```

### Application Configuration

#### Enable CORS Protection

Configure CORS so that only your own origins can read responses from the authentication API. CORS governs which origins a browser lets read cross-origin responses; it does not by itself prevent CSRF, so keep anti-CSRF measures (SameSite cookies, CSRF tokens) in place as well.

1. Go to **Dashboard > Applications > [Your App] > Settings > CORS**
2. Add specific origins instead of using wildcards
3. Only allow necessary HTTP methods
4. Configure appropriate caching directives

```javascript
// Example of secure CORS configuration
const corsOptions = {
  origin: ['https://yourdomain.com', 'https://app.yourdomain.com'],
  methods: ['GET', 'POST'],
  allowedHeaders: ['Authorization', 'Content-Type'],
  maxAge: 86400 // seconds the browser may cache the preflight response
};
```

#### Implement Proper Token Handling

Secure your JWT tokens:

1. Use short expiration times for access tokens (15-60 minutes)
2. Configure refresh token rotation
3. Use HttpOnly, Secure cookies for web applications
4. Implement token validation (signature, expiry, issuer and audience) on all protected endpoints

Example secure token storage in a web application. `HttpOnly` cannot be set from JavaScript: a cookie written through `document.cookie` is by definition reachable from script, and browsers ignore the flag there. The cookie has to be issued by the server in a `Set-Cookie` response header:

```javascript
// INCORRECT - Storing tokens in localStorage (readable by any script on the page)
localStorage.setItem('access_token', accessToken);

// INCORRECT - document.cookie cannot set HttpOnly; the flag is silently ignored
document.cookie = `access_token=${accessToken}; HttpOnly; Secure; SameSite=Strict; Max-Age=3600`;

// CORRECT - The server issues the cookie in a Set-Cookie response header
res.setHeader('Set-Cookie',
  `access_token=${accessToken}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=3600`);
```

#### Configure Callback URLs

Limit redirect URLs to prevent open redirect vulnerabilities:

1. Go to **Dashboard > Applications > [Your App] > Settings > URLs**
2. Add only specific callback/redirect URLs
3. Avoid using wildcards or patterns that could be exploited

### Infrastructure Security

#### IP Allowlisting

Restrict dashboard access by IP (for enterprise plans):

1. Navigate to **Dashboard > Organization > Security > Network**
2. Enable IP allowlisting
3. Add the IP ranges that should have dashboard access
4. Save your configuration

#### Regular Security Scanning

Implement regular security checks:

1. Enable **Security Scanning** in your dashboard
2. Schedule automated vulnerability assessments
3. Review security notifications promptly
4. Address identified vulnerabilities

#### Enable Logging and Monitoring

Set up comprehensive logging:

1. Go to **Dashboard > Monitoring > Logs**
2. Configure log retention periods
3. Enable alert notifications for suspicious activities:
   - Failed login attempts
   - Unusual location logins
   - Admin account changes
   - API key usage from new locations

#### Data Protection

Protect sensitive user data:

1. Enable **Field Encryption** for sensitive user metadata
2. Configure data retention policies
3. Implement proper GDPR controls
4. Use pseudonymization where appropriate

### Advanced Security Features

#### Implement Rate Limiting

Protect against brute force and denial-of-service attacks:

1. Go to **Dashboard > Security > Rate Limiting**
2. Enable rate limiting for login and registration endpoints
3. Configure appropriate thresholds:
   - Login attempts: 5-10 per minute per IP
   - Registration: 3-5 per hour per IP
   - Password reset: 3 per hour per user/IP

Per-IP limits alone do not stop credential stuffing, which spreads attempts across many addresses, and they can block legitimate users who share an address behind NAT. Combine them with per-account counters (below) and keep the thresholds generous enough for real users who mistype a password.

```json
{
  "endpoints": {
    "/api/auth/login": { "limit": 5, "window": "1m" },
    "/api/auth/register": { "limit": 3, "window": "1h" }
  },
  "defaultAction": "block"
}
```

#### Implement Brute Force Protection

Prevent automated password guessing:

1. Navigate to **Dashboard > Security > Brute Force Protection**
2. Enable account lockout after consecutive failed attempts
3. Configure lockout duration and reset conditions (prefer short, escalating lockouts: a permanent lock lets anyone who knows a username lock the victim out on purpose)
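To make the rate-limiting and lockout guidance above concrete, here is an added example (not Authoh's implementation, which runs inside the platform) of a fixed-window per-IP limiter and a per-account lockout with escalating duration, run over a constructed stream of login events. The thresholds follow the figures above (5 attempts per minute per IP, lockout after 5 consecutive failures); the class and function names, the event shape and the doubling schedule are this example's own.

```javascript
// Added example (not Authoh code). Names and event format are hypothetical.

// Fixed-window counter keyed by IP: at most `limit` attempts per `windowMs`.
class IpRateLimiter {
  constructor(limit = 5, windowMs = 60000) {
    this.limit = limit; this.windowMs = windowMs;
    this.buckets = new Map(); // ip -> { windowStart, count }
  }
  allow(ip, now) {
    const b = this.buckets.get(ip);
    if (!b || now - b.windowStart >= this.windowMs) {
      this.buckets.set(ip, { windowStart: now, count: 1 });
      return true;
    }
    b.count += 1;
    return b.count <= this.limit;
  }
}

// Per-account lockout: after `threshold` consecutive failures the account is
// locked, and each further lockout doubles the duration up to a cap. Short,
// escalating locks blunt guessing without handing an attacker a permanent
// denial of service against the victim's account.
class AccountLockout {
  constructor(threshold = 5, baseLockMs = 60000, maxLockMs = 3600000) {
    this.threshold = threshold; this.baseLockMs = baseLockMs; this.maxLockMs = maxLockMs;
    this.state = new Map(); // user -> { failures, lockedUntil, lockouts }
  }
  _get(user) {
    if (!this.state.has(user)) this.state.set(user, { failures: 0, lockedUntil: 0, lockouts: 0 });
    return this.state.get(user);
  }
  isLocked(user, now) { return now < this._get(user).lockedUntil; }
  recordFailure(user, now) {
    const s = this._get(user);
    s.failures += 1;
    if (s.failures >= this.threshold) {
      s.failures = 0;
      s.lockouts += 1;
      const lockMs = Math.min(this.baseLockMs * 2 ** (s.lockouts - 1), this.maxLockMs);
      s.lockedUntil = now + lockMs;
      return { locked: true, lockMs };   // the caller should raise an alert here
    }
    return { locked: false };
  }
  recordSuccess(user) { this._get(user).failures = 0; }
}

// Decide what happens to one login attempt. The IP limiter runs first so a
// flood from one address never reaches the password check at all.
function handleLogin(ev, limiter, lockout, checkPassword) {
  if (!limiter.allow(ev.ip, ev.t)) return 'rate_limited';
  if (lockout.isLocked(ev.user, ev.t)) return 'locked';
  if (checkPassword(ev.user, ev.password)) { lockout.recordSuccess(ev.user); return 'ok'; }
  return lockout.recordFailure(ev.user, ev.t).locked ? 'locked_now' : 'failed';
}

// Constructed sample traffic (t in milliseconds): one IP guesses 7 passwords
// for alice within a minute, then a second IP continues, then alice herself
// logs in after the 60 s lock has expired.
const SAMPLE_EVENTS = [
  ...Array.from({ length: 7 }, (_, i) => ({ t: i * 1000, ip: '203.0.113.5', user: 'alice', password: `guess${i}` })),
  { t: 10000, ip: '198.51.100.9', user: 'alice', password: 'guess7' },
  { t: 50000, ip: '198.51.100.9', user: 'alice', password: 'hunter2' }, // right password, still locked
  { t: 130000, ip: '198.51.100.9', user: 'alice', password: 'hunter2' }, // lock expired
];

function runSample() {
  const limiter = new IpRateLimiter(5, 60000);
  const lockout = new AccountLockout(5, 60000);
  const checkPassword = (user, pw) => user === 'alice' && pw === 'hunter2';
  return SAMPLE_EVENTS.map((ev) => handleLogin(ev, limiter, lockout, checkPassword));
}
```

The sample shows the two controls covering each other: the first IP is cut off by the per-IP window after five attempts, while the second IP, which the limiter alone would admit, hits the per-account lock that the first IP's failures triggered. The correct password submitted during the lock is rejected too, which is the intended trade-off and the reason the lock is kept short.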
4. Set up notification alerts for locked accounts

#### Bot Protection

Protect authentication endpoints from bots:

1. Go to **Dashboard > Security > Bot Protection**
2. Enable CAPTCHA for suspicious login attempts
3. Configure browser fingerprinting
4. Enable machine learning-based detection (Enterprise plan)

### Security Response Plan

#### Incident Response

Prepare for security incidents:

1. Document your incident response plan
2. Identify team members responsible for security incidents
3. Configure security alerts to appropriate channels (email, Slack, etc.)
4. Practice your response plan regularly

#### User Communication

Plan for security communications:

1. Prepare email templates for security incidents
2. Configure your notification settings in **Dashboard > Organization > Notifications**
3. Document your process for notifying affected users

#### Security Contact

Establish security contacts:

1. Set up a security@ email address for vulnerability reports, and publish it in a `security.txt` file (RFC 9116) so researchers can find it
2. Consider implementing a bug bounty program
3. Designate security contacts in your organization

### Compliance Considerations

#### Regulatory Compliance

Configure necessary compliance settings:

1. Go to **Dashboard > Compliance**
2. Enable applicable regulations:
   - GDPR (European Union)
   - CCPA/CPRA (California)
   - HIPAA (Healthcare - US)
   - SOX (Financial - US)
   - LGPD (Brazil)
3. Configure data residency settings if needed

#### Audit Logging

Maintain comprehensive audit logs:

1. Navigate to **Dashboard > Monitoring > Audit Logs**
2. Configure log retention periods according to compliance requirements
3. Set up log export to your SIEM system if needed
4. Enable logging for all security-critical events

### Regular Security Maintenance

#### Update Frequently

Keep your Authoh instance updated:

1. For cloud users: Updates are applied automatically
2. For self-hosted: Subscribe to security bulletins and apply updates promptly
3. Review release notes for security-related changes

#### Regular Security Reviews

Schedule periodic security reviews:

1. Conduct quarterly reviews of your Authoh security settings
2. Review user access rights and remove unused accounts
3. Update security policies based on changing requirements
4. Consider external security assessments annually

### Security Resources

For more information about securing your Authoh implementation:

- [Security Documentation](https://trywilder.com/docs/security)
- [Compliance Guides](https://trywilder.com/docs/compliance)
- [Security Checklist](https://trywilder.com/resources/security-checklist.pdf)

If you discover a security vulnerability, please report it immediately to or through our [security vulnerability form](https://trywilder.com/security/report).

# Troubleshooting Authentication Issues

## Common Authentication Issues and Solutions

This guide covers the most frequent authentication issues reported by our users and provides step-by-step solutions to resolve them.

### 1. Login Failures

#### Symptoms

- Users can't log in despite correct credentials
- Error messages about invalid username/password
- Repeated login prompts

#### Solutions

**Check user status:**

1. Go to your Authoh Dashboard > Users
2. Locate the user account
3. Verify the account is active and not blocked or suspended
4. Check if email verification is pending

**Reset user password:**

```javascript
await auth.resetPassword({ email: 'user@example.com' });
```

**Verify provider connections:**

If using social login, ensure the provider connection is properly configured in your dashboard.

### 2. Token Expiration Problems

#### Symptoms

- Users are repeatedly logged out
- "Unauthorized" errors after short periods
- Session timeouts earlier than expected

#### Solutions

**Adjust token lifetime:**

1. Go to Dashboard > Settings > Tokens
2. Increase the access token lifetime (default: 60 minutes). Before doing so, confirm that the client actually refreshes tokens (next step): a longer-lived access token widens the window in which a leaked token can be used, and the best-practices guide recommends staying within 15-60 minutes
3. Increase the refresh token lifetime if needed (default: 14 days)

**Implement proper token refresh:**

```javascript
// Check if token is expired before making API calls
if (auth.isTokenExpired()) {
  await auth.refreshToken();
}

// Or set up automatic token refresh
auth.enableAutomaticTokenRefresh();
```

### 3. CORS Errors

#### Symptoms

- Console errors about CORS policy violations
- Authentication works locally but fails in production
- API calls failing in the browser with a network error (a response blocked by CORS exposes no status to the page) or with 403 if the server rejects the origin outright

#### Solutions

**Configure allowed origins:**

1. Go to Dashboard > Settings > API
2. Add your application domains to the Allowed Origins list
3. Use wildcards sparingly (e.g., `*.yourdomain.com`), and never allow `*` for requests that carry credentials

**Check request headers:**

Ensure your API requests include the correct headers:

```javascript
fetch('https://api.yourdomain.com/data', {
  headers: {
    'Authorization': `Bearer ${auth.getAccessToken()}`,
    'Content-Type': 'application/json'
  }
})
```

### 4. MFA/2FA Issues

#### Symptoms

- Users can't complete multi-factor authentication
- MFA codes not being accepted
- Users locked out after device changes

#### Solutions

**Reset MFA for a user:**

1. Go to Dashboard > Users
2. Select the user experiencing issues
3. Navigate to the Security tab
4. Click "Reset MFA"
5. The user will need to set up MFA again on their next login

Verify the requester's identity through a channel you trust before resetting MFA; "I lost my phone, please reset my 2FA" is a standard social-engineering pretext against support staff.

**Provide backup codes:**

Make sure users have access to their recovery/backup codes that were generated when they set up MFA.

**Check time synchronization:**

For time-based OTP (TOTP), ensure the user's device has correct time and date settings. TOTP codes change every 30 seconds, and servers normally accept only one step of drift either way, so a clock that is off by more than about a minute produces codes that are always rejected.

### 5. API Authentication Failures

#### Symptoms

- API requests failing with 401 errors
- JWT validation errors
- Token signature issues

#### Solutions

**Verify API keys and secrets:**

1. Go to Dashboard > API > Keys
2. Verify you're using the correct API keys
3. Regenerate keys if necessary (note: this will invalidate existing keys, so every service still using the old key will start failing; update all deployments as part of the same change)

**Check JWT configuration:**

```javascript
// Ensure you're using the correct audience and scope
const accessToken = await auth.getTokenSilently({
  audience: 'https://api.yourdomain.com',
  scope: 'read:data write:data'
});
```

### Need More Help?

If you're still experiencing issues after trying these solutions:

1. Check our [detailed documentation](https://trywilder.com/docs)
2. Look through [previous support threads](https://trywilder.com/support/search) for similar issues
3. [Contact our support team](https://trywilder.com/contact) with specific details about your problem

Our team is available to help Monday through Friday, 9am-5pm EST.

# Join Our New Discord Community

We're excited to announce the launch of our official Discord server! This is your new home for real-time discussions, support, and community engagement.

### Server features:

- Dedicated support channels
- Feature request discussions
- Bug reporting
- Community showcase
- Job board
- Daily office hours with our team

Whether you're using our open source version or cloud platform, this is the place to connect with other developers and our team.

The first 500 members get a special "Founding Member" role!

Join us today at discord.gg/authcompany

# We're Now on Mastodon: Join Our Growing Community

We're excited to join the fediverse! Follow us on Mastodon at @ for a more technical and community-focused experience.

### What to expect:

- Daily developer tips and tricks
- Architecture discussions
- Security best practices
- Community spotlights
- Behind-the-scenes development updates

Our Mastodon presence will complement our existing channels with more technical depth and direct community engagement. We believe in open protocols, not just open source!

See you in the fediverse!
# Series A Funding: $12M to Accelerate Growth

Today we're thrilled to announce that we've raised $12M in Series A funding led by Matrix Partners, with participation from Y Combinator, Dev Tools Fund, and several angel investors from the developer community.

### What's next:

- Doubling our engineering team
- Expanding our open source initiatives
- Enhancing enterprise features
- Growing our community programs

This funding validates our vision of making authentication simple, secure, and developer-friendly. We're grateful for the trust our investors have placed in us and excited about the road ahead.

We're hiring across all departments - join us in building the future of authentication!

# Opening Our New European Office in Berlin

We're excited to announce the opening of our European headquarters in Berlin! This expansion marks a significant milestone in our growth journey and commitment to serving our global customer base.

### Why Berlin:

- Vibrant tech ecosystem
- Strategic location for EU operations
- Access to top engineering talent
- Growing customer base in Europe

We're hiring for multiple positions in Berlin, including engineering, customer success, and sales roles. If you're interested in joining our European team, check out our careers page.

The office will officially open on March 1st, with a launch event for the local tech community. Stay tuned for details!

# Beta Program Now Open: Join Early Access Today

Today marks an exciting milestone as we open our beta program to select customers. We've been working tirelessly to build the most developer-friendly authentication platform, and now we need your help to make it even better.

### What beta users get:

- Early access to all features
- Direct support channel with our engineering team
- 50% discount for 12 months after launch
- Opportunity to influence product roadmap

We're currently onboarding 100 customers for the first wave. If you're interested in joining, apply through our website.
We're particularly looking for teams who need enterprise-grade authentication solutions.

Let's build the future of authentication together!

# SOC 2 Type II Certification Achieved

We're thrilled to announce that our cloud authentication platform has achieved SOC 2 Type II certification! This milestone demonstrates our unwavering commitment to security and data protection.

### What this means:

- Third-party validation of our security practices
- Continuous monitoring and improvement
- Enterprise-ready compliance standards
- Enhanced trust for our customers

The audit covered all five trust service principles: security, availability, processing integrity, confidentiality, and privacy. This certification is particularly important for our enterprise customers who require stringent security standards.

Thank you to our security team for their dedication to maintaining the highest standards of data protection.

# Open Source Launch Date Announced: April 15th

The wait is almost over! We're thrilled to announce that our open source authentication solution will be publicly available on April 15th, 2024.

### What to expect:

- Full source code available on GitHub
- Comprehensive documentation
- Docker images for easy deployment
- Community Discord server launch

We've been running a private beta with select contributors, and the feedback has been incredible. The community has helped us refine the developer experience, improve documentation, and add highly requested features.

Stay tuned for more details about our launch event and hackathon!