Authentication System
QELT Hub supports two primary authentication methods, unified under a single JWT-based session system. Users can connect via Web3 wallet or create an account with email and password.
Overview
QELT Hub provides a flexible authentication system that caters to both crypto-native users and traditional web users. Both methods result in a unified JWT session, giving equal access to all platform features.
Email/Password Authentication
Traditional email/password authentication with email verification and automatic custodial wallet creation.
Registration
User provides email, username, and password (minimum 12 characters with uppercase, lowercase, number, and special character).
Email Verification
A verification token is sent via email. The user must click the link to verify their address.
Login
User authenticates with email + password. A JWT token is set as an HTTP-only cookie.
Custodial Wallet Creation
After successful registration, the system automatically creates a custodial wallet with encrypted private key storage.
Password Reset
Users can request a password reset via a secure token sent to their email.
Password Requirements
- Minimum 12 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character
Web3 Wallet Authentication
Crypto-native users can connect their existing Web3 wallet for seamless authentication without creating a traditional account.
Wallet Connection
User connects a Web3 wallet (MetaMask, Coinbase Wallet, Trust Wallet, etc.) via WalletConnect/wagmi.
Message Signing
The backend generates a unique message with a timestamp. The user signs it with their wallet's private key.
Signature Verification
The backend verifies the signature matches the claimed wallet address using cryptographic recovery.
JWT Issuance
Upon successful verification, a JWT token is set as an HTTP-only cookie.
Auto-Authentication
On subsequent visits, if the wallet is already connected and a valid JWT exists, the user is auto-authenticated without needing to sign again.
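The message-signing and signature-verification steps above depend on the challenge being unique, fresh and single-use. The following is an added example, not QELT Hub's code, showing those server-side checks around the signature recovery. The message layout, the 300-second window, the in-memory `PENDING` store and the injected `recover_address` callable are all assumptions made for illustration.

```python
import secrets
import time

MAX_AGE_SECONDS = 300  # assumed freshness window; the page does not state one
PENDING = {}           # issued message -> (address, issued_at); stands in for a server-side store


def issue_challenge(address, now=None):
    """Build the unique, timestamped message the wallet is asked to sign."""
    issued_at = int(time.time() if now is None else now)
    address = address.lower()
    # Message layout is constructed for this example.
    message = (
        "Sign in to QELT Hub\n"
        f"Address: {address}\n"
        f"Nonce: {secrets.token_hex(16)}\n"
        f"Issued At: {issued_at}"
    )
    PENDING[message] = (address, issued_at)
    return message


def verify_challenge(message, signature, recover_address, now=None):
    """Return the authenticated address, or None if any check fails."""
    now = int(time.time() if now is None else now)
    # Keying on the exact issued text rejects altered messages, and pop()
    # makes each challenge single-use, so a captured signature cannot be replayed.
    record = PENDING.pop(message, None)
    if record is None:
        return None
    address, issued_at = record
    if now - issued_at > MAX_AGE_SECONDS:
        return None
    # recover_address(message, signature) -> signer address is injected by the
    # caller (assumption: a wrapper around the backend's signature-recovery library).
    try:
        recovered = recover_address(message, signature)
    except Exception:
        return None
    if not isinstance(recovered, str) or recovered.lower() != address:
        return None
    return address  # only now would the backend issue the JWT cookie
```

A challenge is consumed on the first verification attempt, whether or not it succeeds, so a failed sign-in has to request a new message.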
Session Management
Both authentication methods share the same session management system, ensuring a consistent experience across the platform.
| Feature | Details |
|---|---|
| JWT Storage | HTTP-only cookies (not accessible via JavaScript) |
| Auto-Refresh | Tokens refreshed every 5 minutes while user is active |
| Logout | Clears JWT cookie and redirects to home page |
| Session Tracking | Records IP address, user agent, and last active time |
| CSRF Protection | Via SameSite cookie attributes |
Auth Providers
Current and planned authentication providers for QELT Hub.
| Provider | Status |
|---|---|
| Wallet (MetaMask, WalletConnect, etc.) | ✅ Live |
| Email/Password | ✅ Live |
| Google OAuth | 🔜 Planned |
| Twitter OAuth | 🔜 Planned |
| GitHub OAuth | 🔜 Planned |
Next Steps
Learn about the wallet system that powers both external and custodial wallet interactions.
