> ## Documentation Index
> Fetch the complete documentation index at: https://gloflow.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Identity

* identity system manages all user authentication and authorization.

***

## Standard identity

* implemented from scratch and allows GloFlow to have classic username/password user system without dependence on any external system (blockchain, auth0, or other).
* user/password based
  * supported One-time passwords (OTP) based authentication using Authenticator Apps
  * time-based secret information that expires after a set small period of tiem (60s, etc.)

***

## Web3 identity

* users prove ownership of public-keys/addresses via signing of data strings and verification server-side of those.
* implemented for Ethereum chain
* add Tezos support?

***

## Auth0 idenity

* integration with an external identity provider - Auth0
* provides powerful features, and is for users that dont want to manage their user database via GF, or have more advanced identity management requirements.

### Oauth2.0 Bearer Token:

* predominant type of access token used with OAuth 2.0
* acquired by GF from Auth0 after the login callback handler exchanges the received `code` for this bearer token.
* opaque string, not intended to have any meaning to clients using it

### ID tokens:

* are JSON web tokens (JWTs).
* used to cache user profile information and provide it to a client application.
* application receives an ID token after a user successfully authenticates, then consumes the ID token and extracts user information from it, which it can then use to personalize the user's experience.
* is valid for 36000 seconds (10 hours)
* signatures are generated by using private/public key-pairs.
  * private key is managed by Auth0 and is unique per Tenant (rotated once a year).
  * GF verifies the JWT signature using public keys
* decoded JWT token payload data has the following shape:

```
{
  "iss": "http://YOUR_DOMAIN/",
  "sub": "auth0|123456",
  "aud": "YOUR_CLIENT_ID",
  "exp": 1311281970,
  "iat": 1311280970,
  "name": "Jane Doe",
  "given_name": "Jane",
  "family_name": "Doe",
  "gender": "female",
  "birthdate": "0000-10-31",
  "email": "janedoe@example.com",
  "picture": "http://example.com/janedoe/me.jpg"
}
```

* auth0 docs:
  * [https://auth0.com/docs/secure/tokens/id-tokens](https://auth0.com/docs/secure/tokens/id-tokens)
  * [https://auth0.com/docs/secure/tokens/id-tokens/id-token-structure](https://auth0.com/docs/secure/tokens/id-tokens/id-token-structure)
  * [https://auth0.com/docs/secure/tokens/json-web-tokens](https://auth0.com/docs/secure/tokens/json-web-tokens)
  * [https://auth0.com/docs/get-started/tenant-settings/signing-keys](https://auth0.com/docs/get-started/tenant-settings/signing-keys)

### JWT custom claims:

*
