Identity for the Nomu ecosystem
A single provider that handles email/password, passwordless OTP, OAuth, and Solana wallet authentication. One ultra-fast user identity across all Forge services.
Authentication Methods
Email + Password
Register with email verification, log in with a bcrypt-hashed password. Standard flow with password reset support.
Passwordless OTP
6-digit code sent to email. Auto-creates accounts for new users. 10-minute TTL, single use.
OAuth Providers
Google, Discord, Twitter, and Apple via a popup window. Callback uses postMessage to relay tokens seamlessly.
Solana Wallet
Challenge/sign/verify flow with @solana/wallet-adapter. Nonce stored in Redis with a 5-minute TTL.
How it works
Access Token
RS256 JWT, 15-minute TTL. Auto-refreshed at 80% of its lifetime via setTimeout. Held in memory only (never persisted).
Refresh Token
httpOnly cookie, 7-day TTL. Rotated on each use, with reuse detection for security.
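Rotation with reuse detection as described above, in an added example that is not Nomu's own code. Revoking the whole token family when a used token is replayed, the in-memory Map, and the names RefreshTokenStore, issue and rotate are assumptions made for illustration.

```javascript
const crypto = require("crypto");

const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000; // 7-day TTL, as stated on the page

// Store only a hash so a leaked store does not yield usable tokens.
const sha256 = (t) => crypto.createHash("sha256").update(t).digest("hex");

class RefreshTokenStore {
  constructor() {
    this.tokens = new Map(); // sha256(token) -> { family, userId, expiresAt, used }
    this.revokedFamilies = new Set();
  }

  // A login starts a new family; a rotation keeps the family of the old token.
  issue(userId, now = Date.now(), family = crypto.randomUUID()) {
    const token = crypto.randomBytes(32).toString("base64url");
    this.tokens.set(sha256(token), {
      family, userId, expiresAt: now + REFRESH_TTL_MS, used: false,
    });
    return token;
  }

  // Exchange a presented refresh token for a fresh one (single use).
  rotate(presented, now = Date.now()) {
    const rec = this.tokens.get(sha256(presented));
    if (!rec) return { ok: false, reason: "unknown" };
    if (this.revokedFamilies.has(rec.family)) return { ok: false, reason: "revoked" };
    if (now >= rec.expiresAt) return { ok: false, reason: "expired" };
    if (rec.used) {
      // A token that was already rotated is being presented again: the
      // legitimate client and a second party both hold tokens from this
      // family, so every token descended from the same login is revoked.
      this.revokedFamilies.add(rec.family);
      return { ok: false, reason: "reuse_detected" };
    }
    rec.used = true;
    const token = this.issue(rec.userId, now, rec.family);
    return { ok: true, userId: rec.userId, token };
  }
}
```

After a replay, the newest token in that family is rejected as well, so the user has to authenticate again.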
Session
30-day hard limit. Tracks device info and IP. Revocable per-device or globally.