@forge-connect/react
Identity & authentication for the Forge ecosystem
A single provider that handles email/password, passwordless OTP, OAuth, and Solana wallet authentication. One user identity across all Forge services.
Authentication methods
Email + password
Register with email verification, log in with a bcrypt-hashed password. Standard flow with password reset support.
Passwordless OTP
6-digit code sent to email. Auto-creates accounts for new users. 10-minute TTL, single use.
OAuth providers
Google, Discord, Twitter, Apple via popup window. Callback uses postMessage to relay tokens.
Solana wallet
Challenge/sign/verify flow with @solana/wallet-adapter. Nonce stored in Redis with a 5-minute TTL.
How it works
Access token
RS256 JWT, 15-minute TTL. Auto-refreshed at 80% of its lifetime via setTimeout. Stored in localStorage.
Refresh token
httpOnly cookie, 7-day TTL. Rotated on each use, with reuse detection for security.
Session
30-day hard limit. Tracks device info and IP. Revocable per-device or globally.
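The refresh-token rotation with reuse detection and the 30-day session limit described above, as an added server-side example in JavaScript that is not code from @forge-connect/react. The RefreshTokenStore class, its in-memory maps, the reason strings, and the choice to revoke the whole session when an already-used token is replayed are assumptions; the page does not say how Forge implements these.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;
const REFRESH_TTL_MS = 7 * DAY_MS;   // refresh token TTL stated on the page
const SESSION_MAX_MS = 30 * DAY_MS;  // session hard limit stated on the page

// 256-bit CSPRNG token; works whether this file loads as CommonJS or as an ES module.
function randomToken() {
  const bytes = typeof require === "function"
    ? require("node:crypto").randomBytes(32)
    : globalThis.crypto.getRandomValues(new Uint8Array(32));
  return Buffer.from(bytes).toString("base64url");
}

// Hypothetical in-memory store (assumption); a real service would persist token hashes.
class RefreshTokenStore {
  constructor() {
    this.sessions = new Map(); // sessionId -> { userId, createdAt, revoked }
    this.tokens = new Map();   // token -> { sessionId, expiresAt, used }
  }

  #issue(sessionId, now) {
    const token = randomToken();
    this.tokens.set(token, { sessionId, expiresAt: now + REFRESH_TTL_MS, used: false });
    return token;
  }

  startSession(userId, now = Date.now()) {
    const sessionId = randomToken();
    this.sessions.set(sessionId, { userId, createdAt: now, revoked: false });
    return this.#issue(sessionId, now);
  }

  // Exchange a refresh token for its successor; each token is accepted once.
  rotate(token, now = Date.now()) {
    const rec = this.tokens.get(token);
    if (!rec) return { ok: false, reason: "unknown" };
    const session = this.sessions.get(rec.sessionId);
    if (rec.used) {
      // Replay of a rotated token: either copy may be stolen, so end the session
      // (assumed response; the page only says reuse is detected).
      session.revoked = true;
      return { ok: false, reason: "reuse_detected" };
    }
    if (session.revoked) return { ok: false, reason: "revoked" };
    if (now >= rec.expiresAt) return { ok: false, reason: "expired" };
    if (now - session.createdAt >= SESSION_MAX_MS) return { ok: false, reason: "session_limit" };
    rec.used = true;
    return { ok: true, token: this.#issue(rec.sessionId, now) };
  }
}
```

Because a replay ends the session, the successor token issued to the legitimate client stops working too, which forces a fresh login on that device.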