Skip to main content

Authentication

Gradiant’s authentication system provides robust security through multiple authentication methods, session management, and comprehensive security controls.

Authentication Methods

Password Authentication

Secure password-based login

Multi-Factor Auth

Additional security layers

WebAuthn

Biometric and hardware authentication

OAuth/SSO

Single sign-on integration

Password Authentication

Requirements

Password requirements ensure strong security while maintaining usability
  • Minimum 12 characters
  • Mix of uppercase and lowercase letters
  • At least one number
  • At least one special character
  • No common patterns or dictionary words
  • Not similar to previous passwords

Implementation

import { GradiantAuth } from '@gradiant/auth';

const auth = new GradiantAuth({
passwordPolicy: {
minLength: 12,
requireUppercase: true,
requireLowercase: true,
requireNumbers: true,
requireSpecial: true,
preventCommonPasswords: true
}
});

<!-- trunk-ignore(markdownlint/MD040) -->

Multi-Factor Authentication

Available Methods

  • Compatible with Google Authenticator - 30-second code rotation - Secure key generation - Backup codes provided
  • Phone number verification - Rate-limited sending - Code expiration - Fallback options
  • Secure code delivery - Limited validity period - Anti-phishing measures - Backup verification

Setup Process

1
Enable MFA Navigate to security settings and enable MFA ### Choose Method
2
Select preferred authentication method ### Verify Setup Complete verification process ### Save Backup Codes Store backup codes securely

WebAuthn Support

Features

Built on FIDO2 standards for strong authentication
  • Biometric authentication
  • Hardware security keys
  • Platform authenticators
  • Resident key support
  • User verification

Implementation 2

const webAuthnAuth = new WebAuthnAuthentication({
  rpName: 'Gradiant Healthcare',
  rpID: 'gradiant.dev',
  origin: 'https://gradiant.dev',
  userVerification: 'preferred',
})

// Register new credential
const credential = await webAuthnAuth.register({
  userId: 'user_123',
  userName: '[email protected]',
})

// Authenticate with credential
const auth = await webAuthnAuth.authenticate({
  userId: 'user_123',
  credentialId: credential.id,
})

OAuth/SSO Integration

Supported Providers

ProviderOAuth 2.0OpenID ConnectSAML 2.0
Google Workspace
Microsoft Azure AD
Okta
Auth0

Configuration

const oauthConfig = {
  providers: {
    google: {
      clientId: exampleId,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
      scope: ['openid', 'email', 'profile']
    },
    azure: {
      clientId: exampleId,
      clientSecret: process.env.AZURE_CLIENT_SECRET,
      tenant: process.env.AZURE_TENANT_ID
    }
  }
};

Session Management

Session Security

Sessions are managed with strict security controls
  • Secure session tokens
  • Automatic session expiration
  • Device fingerprinting
  • Concurrent session limits
  • Forced session termination
  • Activity monitoring

Implementation 3

const sessionConfig = {
  maxAge: '24h',
  secure: true,
  httpOnly: true,
  sameSite: 'strict',
  fingerprint: true,
  maxConcurrent: 5,
}

const session = await auth.createSession({
  userId: 'user_123',
  config: sessionConfig,
})

Security Controls

Brute Force Protection

  • Progressive delays
  • Account lockouts
  • IP-based rate limiting
  • Geographic restrictions
  • Suspicious activity detection

Audit Logging

{
  "event": "authentication_attempt",
  "userId": "user_123",
  "timestamp": "2024-03-21T10:30:00Z",
  "success": true,
  "method": "webauthn",
  "deviceInfo": {
    "browser": "Chrome",
    "os": "macOS",
    "ip": "xxx.xxx.xxx.xxx"
  }
}

Best Practices

Enable MFA

Require MFA for all accounts

Regular Audits

Review authentication logs

Update Policies

Keep security policies current

Monitor Activity

Track authentication patterns

Troubleshooting

  • Wait for lockout period to expire - Contact support for manual unlock - Use account recovery process - Verify identity through alternate means
  • Check time synchronization - Use backup codes if available - Contact support for reset - Verify device settings
  • Verify provider configuration - Check network connectivity - Validate certificates - Review error logs

Support

Need help with authentication? Contact our security team:

Security Support

Contact security team

Documentation

View security guides