Authentication Overview

PersonQL provides a complete authentication system built for modern applications with security, scalability, and developer experience in mind.

Authentication Methods

Email/Password Authentication

Traditional email and password authentication with secure password hashing (PBKDF2) and validation.

import { useAuth } from '@personql/react';
 
function SignIn() {
  const { signIn } = useAuth();
 
  const handleSignIn = async () => {
    await signIn({
      email: 'user@example.com',
      password: 'securePassword123',
      rememberMe: true,
    });
  };
}

OAuth Providers

Integrate with popular OAuth providers:

Google
GitHub
Microsoft
Facebook
Apple

import { useAuth } from '@personql/react';
 
function OAuthSignIn() {
  const { signInWithOAuth } = useAuth();
 
  const handleGoogleSignIn = async () => {
    await signInWithOAuth('google', {
      redirectUri: 'https://yourapp.com/auth/callback',
    });
  };
}

Multi-Factor Authentication (MFA)

Add an extra layer of security with MFA via:

SMS verification
Email verification
WhatsApp verification
Authenticator apps (TOTP)

import { useAuth } from '@personql/react';
 
function MFASetup() {
  const { sendMFACode, verifyMFACode } = useAuth();
 
  const handleSendCode = async () => {
    await sendMFACode('sms', '+1234567890');
  };
 
  const handleVerifyCode = async (code) => {
    await verifyMFACode(code);
  };
}

Biometric Authentication (Mobile)

Native biometric authentication for React Native apps:

Face ID (iOS)
Touch ID (iOS)
Fingerprint (Android)

import { useAuth } from '@personql/react-native';
 
function BiometricSignIn() {
  const { signInWithBiometric, biometricAvailable } = useAuth();
 
  if (biometricAvailable) {
    return <button onClick={signInWithBiometric}>Sign In with Face ID</button>;
  }
}

Session Management

Session Types

Anonymous Sessions

Track users before authentication
Device fingerprinting
Behavioral analysis
Conversion to authenticated sessions

Authenticated Sessions

Full user profile access
Organization membership
Role-based permissions
Multi-device support

Token Management

PersonQL uses JWT tokens for authentication:

Access Token

Short-lived (15 minutes default)
Used for API requests
Automatically refreshed

Refresh Token

Long-lived (7 days default)
Used to obtain new access tokens
Securely stored

import { useAuth } from '@personql/react';
 
function TokenRefresh() {
  const { refreshToken, isTokenExpired } = useAuth();
 
  useEffect(() => {
    if (isTokenExpired()) {
      refreshToken();
    }
  }, []);
}

Security Features

Device Fingerprinting

Automatically collect device information for security analysis:

Browser type and version
Operating system
Screen resolution
Timezone
Language preferences
Canvas fingerprint

Risk Scoring

Real-time risk assessment based on:

Login location
Device trust score
Behavior patterns
Velocity checks
IP reputation

Rate Limiting

Built-in protection against brute force attacks:

300 requests per minute (default)
Configurable per endpoint
IP-based and user-based limits
Automatic cooldown periods

Security Headers

Automatic security header management:

Content Security Policy (CSP)
X-Frame-Options
X-Content-Type-Options
Strict-Transport-Security (HSTS)
X-XSS-Protection

Authentication Flow

User enters email and password
Password validation (strength requirements)
Email verification (optional)
Account creation
Automatic sign-in
Session token generation

import { SignUpForm } from '@personql/react';
 
<SignUpForm
  onSuccess={() => navigate('/dashboard')}
  requireEmailVerification={true}
  passwordRequirements={{
    minLength: 8,
    requireUppercase: true,
    requireLowercase: true,
    requireNumbers: true,
    requireSpecialChars: true,
  }}
/>;

User enters credentials
Server validates credentials
Risk assessment performed
MFA challenge (if enabled)
Session token generation
User redirected to app

import { SignInForm } from '@personql/react';
 
<SignInForm
  onSuccess={() => navigate('/dashboard')}
  onMFARequired={() => navigate('/mfa')}
/>;

Password Reset Flow

User requests password reset
Reset email sent with token
User clicks link (token validation)
New password entered
Password updated
Automatic sign-in

import { ForgotPasswordForm, ResetPasswordForm } from '@personql/react';
 
// Step 1: Request reset
<ForgotPasswordForm onSuccess={() => setEmailSent(true)} />;
 
// Step 2: Reset password
<ResetPasswordForm token={resetToken} onSuccess={() => navigate('/signin')} />;

Best Practices

Password Security

Enforce Strong Passwords
- Minimum 8 characters
- Mix of uppercase, lowercase, numbers, special characters
- Password strength indicator
Password Storage
- PBKDF2 hashing with salt
- Never log or display passwords
- Secure transmission (HTTPS only)

Session Security

Token Storage
- Use secure, httpOnly cookies
- Never store tokens in localStorage
- Implement token rotation
Session Timeout
- Implement idle timeout
- Absolute session timeout
- Automatic token refresh

MFA Implementation

Gradual Rollout
- Make MFA optional initially
- Encourage adoption with incentives
- Require for admin accounts
Recovery Options
- Backup codes
- Recovery email
- Admin intervention process

Configuration

Basic Configuration

import { PersonQLProvider } from '@personql/react';
 
<PersonQLProvider
  config={{
    apiUrl: 'https://app.personql.com',
    clientId: 'your-client-id',
    auth: {
      sessionTimeout: 240, // 4 hours
      tokenRefreshInterval: 840, // 14 minutes
      requireEmailVerification: true,
      enableMFA: true,
    },
  }}
>
  <App />
</PersonQLProvider>;

Advanced Security Configuration

<PersonQLProvider
  config={{
    apiUrl: 'https://app.personql.com',
    clientId: 'your-client-id',
    security: {
      deviceFingerprinting: true,
      riskScoring: true,
      rateLimit: {
        requests: 300,
        window: 60000, // 1 minute
      },
      passwordPolicy: {
        minLength: 12,
        requireUppercase: true,
        requireLowercase: true,
        requireNumbers: true,
        requireSpecialChars: true,
        preventCommon: true,
        preventPrevious: 5,
      },
    },
  }}
>
  <App />
</PersonQLProvider>;

Next Steps

Sign In Implementation - Implement sign-in forms
Sign Up Implementation - Implement sign-up forms
MFA Setup - Add multi-factor authentication
OAuth Integration - Connect OAuth providers
Session Management - Advanced session handling

Support

Documentation: https://docs.personql.com
GitHub Issues: https://github.com/FinHub-vc/PersonQL/issues
Email: support@personql.com