Authentication

VoxKey supports multiple authentication methods per realm. Each method is added as a Provider and can be enabled or disabled independently.

Authentication methods

Email / Password

The LoginPass provider handles traditional email and password authentication.

  • Password hashing with bcrypt
  • Email verification via one-time codes
  • Password reset flow
  • CAPTCHA protection (configurable per realm)

Social Login (OAuth2)

Connect external identity providers. Users click a button and authenticate through the provider's consent screen.

Provider | Protocol | Returned data
Google   | OAuth2   | email, name, avatar
GitHub   | OAuth2   | email, name, avatar
Discord  | OAuth2   | email, name, avatar
Yandex   | OAuth2   | email, name, avatar
Steam    | OpenID   | Steam ID, username

Callback URL format for OAuth2 providers:

https://your-domain.com/oauth2/{realmUUID}/login/{providerName}
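The redirect URI registered in each provider's developer console has to match this format exactly, so the following added example (not VoxKey's own code) builds the URI for a realm and rejects near-misses such as a trailing slash, plain http, or a different realm. The lower-case provider names in the path, the function names and the sample realm UUID are assumptions.

```python
import uuid
from urllib.parse import urlsplit

# Providers the page lists as OAuth2; Steam is OpenID and is excluded.
# Lower-case path names are an assumption: use the names your realm shows.
OAUTH2_PROVIDERS = {"google", "github", "discord", "yandex"}


def callback_url(base_host: str, realm_uuid: str, provider: str) -> str:
    """Build the redirect URI to register in the provider's console."""
    realm = str(uuid.UUID(realm_uuid))  # ValueError on a malformed UUID
    if provider not in OAUTH2_PROVIDERS:
        raise ValueError(f"not an OAuth2 provider: {provider!r}")
    return f"https://{base_host}/oauth2/{realm}/login/{provider}"


def check_registered_uri(candidate: str, base_host: str, realm_uuid: str) -> str:
    """Return the provider name if candidate is exactly a callback URL
    for this realm; raise ValueError naming the mismatch otherwise."""
    parts = urlsplit(candidate)
    if parts.scheme != "https":
        raise ValueError("callback must use https")
    if parts.netloc != base_host:  # also rejects userinfo and ports
        raise ValueError("host differs from the VoxKey domain")
    if parts.query or parts.fragment:
        raise ValueError("registered URI must not carry a query or fragment")
    segs = parts.path.split("/")  # ['', 'oauth2', realm, 'login', provider]
    if len(segs) != 5 or segs[1] != "oauth2" or segs[3] != "login":
        raise ValueError("path is not /oauth2/{realmUUID}/login/{providerName}")
    if segs[2] != str(uuid.UUID(realm_uuid)):
        raise ValueError("realm UUID belongs to a different realm")
    if segs[4] not in OAUTH2_PROVIDERS:
        raise ValueError("unknown provider name")
    return segs[4]


if __name__ == "__main__":
    realm = "3f2504e0-4f89-41d3-9a0c-0305e82c3301"  # constructed sample UUID
    for name in sorted(OAUTH2_PROVIDERS):
        print(callback_url("your-domain.com", realm, name))
```
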

WebAuthn / Passkeys

Passwordless authentication using platform authenticators (Touch ID, Face ID, Windows Hello) or security keys (YubiKey).

  • Registration and login via WebAuthn API
  • Can be used as primary authentication or as an MFA factor
  • Passkey enrollment prompt after first login (configurable)

Email codes

One-time codes sent to the user's email. Used for:

  • Passwordless sign-in
  • Email verification during registration
  • MFA challenge

Multi-Factor Authentication (MFA)

MFA adds a second verification step after primary authentication.

Supported factors:

  • TOTP -- time-based one-time passwords (Google Authenticator, Authy)
  • WebAuthn -- passkeys and security keys

MFA policies per realm:

  • Disabled -- no MFA
  • Optional -- users can enable MFA in their dashboard
  • Required -- all users must enroll in MFA
  • Skippable -- users are prompted but can skip

Sign-in flow

Session management

VoxKey tracks sessions per realm using a signed rid cookie. Users can:

  • View active sessions in the dashboard
  • Terminate sessions on other devices
  • See login history with IP and user agent

Adding a provider to a realm

  1. Go to Admin Panel > Realms > [Your Realm] > Auth Providers
  2. Click Add Provider
  3. Select provider type and configure credentials
  4. Set permissions: Allow Sign Up, Allow Sign In, Allow Unlink