mrpiglr/AeThex-OS
1
0
Fork 0
mirror of https://github.com/AeThex-Corporation/AeThex-OS.git synced 2026-04-17 22:07:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
AeThex-OS/OAUTH_SETUP.md
MrPiglr a15b5b1015 feat: integrate AeThex Language across entire OS ecosystem 
Major Features:
- Custom .aethex programming language with cross-platform compilation
- Compiles to JavaScript, Lua (Roblox), Verse (UEFN), and C# (Unity)
- Built-in COPPA compliance and PII detection for safe metaverse development

Integration Points:
1. Terminal Integration
   - Added 'aethex' command for in-terminal compilation
   - Support for all compilation targets with --target flag
   - Real-time error reporting and syntax highlighting

2. IDE Integration
   - Native .aethex file support in Monaco editor
   - One-click compilation with target selector
   - Download compiled code functionality
   - Two example files: hello.aethex and auth.aethex

3. Curriculum Integration
   - New "AeThex Language" section in Foundry tech tree
   - Three modules: Realities & Journeys, Cross-Platform Sync, COPPA Compliance
   - Certification path for students

4. Documentation Site
   - Complete docs at /docs route (client/src/pages/aethex-docs.tsx)
   - Searchable documentation with sidebar navigation
   - Language guide, standard library reference, and examples
   - Ready for deployment to aethex.dev

5. npm Package Publishing
   - @aethex.os/core@1.0.0 - Standard library (published)
   - @aethex.os/cli@1.0.1 - Command line compiler (published)
   - Both packages live on npm and globally installable

Domain Configuration:
- DNS setup for 29+ domains (aethex.app, aethex.co, etc.)
- nginx reverse proxy configuration
- CORS configuration for cross-domain requests
- OAuth redirect fixes for hash-based routing

Standard Library Features:
- Passport: Universal identity across platforms
- DataSync: Cross-platform data synchronization
- SafeInput: PII detection (phone, email, SSN, credit cards)
- Compliance: COPPA/FERPA age gates and audit logging

Documentation Package:
- Created aethex-dev-docs.zip with complete documentation
- Ready for static site deployment
- Includes examples, API reference, and quickstart guide

Technical Improvements:
- Fixed OAuth blank page issue (hash routing)
- Added .gitignore rules for temp files
- Cleaned up build artifacts and temporary files
- Updated all package references to @aethex.os namespace

Co-Authored-By: Claude <noreply@anthropic.com>
2026-02-11 22:28:05 -07:00

426 lines
9.7 KiB
Markdown
Raw Permalink Blame History

# OAuth Provider Configuration for All AeThex Domains
This document contains the redirect URIs and configuration needed for each OAuth provider across all AeThex domains.
## OAuth Redirect URI Pattern
All redirect URIs follow this pattern:
```
https://{domain}/auth/{provider}/callback
```
## Provider Configurations
### 1. Discord OAuth
**Discord Developer Portal:** https://discord.com/developers/applications
Navigate to: Your Application → OAuth2 → Redirects
**Add these redirect URIs:**
```
https://aethex.app/auth/discord/callback
https://aethex.co/auth/discord/callback
https://aethex.tech/auth/discord/callback
https://aethex.id/auth/discord/callback
https://aethex.online/auth/discord/callback
https://aethex.fun/auth/discord/callback
https://aethex.live/auth/discord/callback
http://localhost:5173/auth/discord/callback (development)
```
**Environment Variables:**
```bash
DISCORD_CLIENT_ID=your_client_id
DISCORD_CLIENT_SECRET=your_client_secret
```
---
### 2. GitHub OAuth
**GitHub Developer Settings:** https://github.com/settings/developers
Navigate to: OAuth Apps → Your App → Authorization callback URL
**Add these redirect URIs:**
```
https://aethex.app/auth/github/callback
https://aethex.co/auth/github/callback
https://aethex.tech/auth/github/callback
https://aethex.id/auth/github/callback
https://aethex.dev/auth/github/callback
https://aethex.pro/auth/github/callback
http://localhost:5173/auth/github/callback (development)
```
**Note:** GitHub only allows ONE callback URL per OAuth App. You'll need to create multiple OAuth Apps (one per domain) OR use a single primary domain.
**Recommended Approach:**
- Primary: `https://aethex.app/auth/github/callback`
- Development: `http://localhost:5173/auth/github/callback`
**Environment Variables:**
```bash
GITHUB_CLIENT_ID=your_client_id
GITHUB_CLIENT_SECRET=your_client_secret
```
---
### 3. Roblox OAuth
**Roblox Creator Hub:** https://create.roblox.com/credentials
Navigate to: OAuth 2.0 Apps → Your App → Redirect URIs
**Add these redirect URIs:**
```
https://aethex.app/auth/roblox/callback
https://aethex.co/auth/roblox/callback
https://aethex.tech/auth/roblox/callback
https://aethex.id/auth/roblox/callback
https://aethex.fun/auth/roblox/callback
https://aethex.space/auth/roblox/callback
http://localhost:5173/auth/roblox/callback (development)
```
**Environment Variables:**
```bash
ROBLOX_CLIENT_ID=your_client_id
ROBLOX_CLIENT_SECRET=your_client_secret
```
---
### 4. Twitch OAuth
**Twitch Developer Console:** https://dev.twitch.tv/console/apps
Navigate to: Applications → Your App → OAuth Redirect URLs
**Add these redirect URIs:**
```
https://aethex.app/auth/twitch/callback
https://aethex.co/auth/twitch/callback
https://aethex.tech/auth/twitch/callback
https://aethex.id/auth/twitch/callback
https://aethex.live/auth/twitch/callback
https://aethex.fun/auth/twitch/callback
http://localhost:5173/auth/twitch/callback (development)
```
**Environment Variables:**
```bash
TWITCH_CLIENT_ID=your_client_id
TWITCH_CLIENT_SECRET=your_client_secret
```
---
### 5. Microsoft OAuth (Minecraft)
**Azure Portal:** https://portal.azure.com → Azure Active Directory → App registrations
Navigate to: Your App → Authentication → Redirect URIs
**Add these redirect URIs:**
```
https://aethex.app/auth/minecraft/callback
https://aethex.co/auth/minecraft/callback
https://aethex.tech/auth/minecraft/callback
https://aethex.id/auth/minecraft/callback
https://aethex.fun/auth/minecraft/callback
https://aethex.space/auth/minecraft/callback
http://localhost:5173/auth/minecraft/callback (development)
```
**Platform Configuration:**
- Type: Web
- Implicit grant: Access tokens, ID tokens
**Environment Variables:**
```bash
MICROSOFT_CLIENT_ID=your_client_id
MICROSOFT_CLIENT_SECRET=your_client_secret
MICROSOFT_TENANT_ID=consumers
```
---
## Stripe Configuration
**Stripe Dashboard:** https://dashboard.stripe.com
Navigate to: Settings → Checkout settings → Success/Cancel URLs
**Success URLs:**
```
https://aethex.shop/upgrade/success
https://aethex.tech/upgrade/success
https://aethex.app/upgrade/success
https://aethex.biz/upgrade/success
https://aethex.pro/upgrade/success
```
**Cancel URLs:**
```
https://aethex.shop/upgrade/cancel
https://aethex.tech/upgrade/cancel
https://aethex.app/upgrade/cancel
https://aethex.biz/upgrade/cancel
https://aethex.pro/upgrade/cancel
```
**Environment Variables:**
```bash
STRIPE_SECRET_KEY=sk_live_...
STRIPE_PUBLISHABLE_KEY=pk_live_...
STRIPE_SUCCESS_URL=https://aethex.shop/upgrade/success
STRIPE_CANCEL_URL=https://aethex.shop/upgrade/cancel
```
---
## Supabase Configuration
**Supabase Dashboard:** https://app.supabase.com
Navigate to: Authentication → URL Configuration
**Site URL:**
```
https://aethex.app
```
**Redirect URLs (wildcards allowed):**
```
https://aethex.app/**
https://aethex.co/**
https://aethex.tech/**
https://aethex.id/**
https://aethex.online/**
https://aethex.network/**
https://aethex.cloud/**
https://aethex.dev/**
https://*.aethex.app/**
https://*.aethex.cloud/**
http://localhost:5173/**
```
**Environment Variables:**
```bash
SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co
SUPABASE_SERVICE_KEY=your_service_role_key
SUPABASE_ANON_KEY=your_anon_key
VITE_SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co
VITE_SUPABASE_ANON_KEY=your_anon_key
```
---
## Testing OAuth Flows
### Test Script
Create a test script to verify OAuth flows across domains:
```bash
#!/bin/bash
DOMAINS=(
"aethex.app"
"aethex.tech"
"aethex.id"
)
PROVIDERS=(
"discord"
"github"
"roblox"
"twitch"
"minecraft"
)
for domain in "${DOMAINS[@]}"; do
for provider in "${PROVIDERS[@]}"; do
echo "Testing https://$domain/auth/$provider"
status=$(curl -s -o /dev/null -w "%{http_code}" "https://$domain/auth/$provider" --max-time 5)
if [ "$status" -eq 302 ] || [ "$status" -eq 301 ]; then
echo " ✓ Redirects correctly ($status)"
else
echo " ✗ Unexpected status: $status"
fi
done
done
```
### Manual Testing
1. **Test Discord OAuth:**
```
https://aethex.app/auth/discord
https://aethex.tech/auth/discord
```
2. **Test GitHub OAuth:**
```
https://aethex.app/auth/github
https://aethex.dev/auth/github
```
3. **Test Roblox OAuth:**
```
https://aethex.app/auth/roblox
https://aethex.fun/auth/roblox
```
4. **Test Twitch OAuth:**
```
https://aethex.app/auth/twitch
https://aethex.live/auth/twitch
```
5. **Test Minecraft OAuth:**
```
https://aethex.app/auth/minecraft
https://aethex.fun/auth/minecraft
```
---
## Domain-Specific Recommendations
### Primary Auth Domain: aethex.tech & aethex.id
Use these domains for all authentication-related flows:
- OAuth callbacks
- Password reset links
- Email verification links
- Magic link authentication
**Benefits:**
- Clear separation of concerns
- Better security isolation
- Easier to manage SSL certificates
- Simplified rate limiting
### Primary App Domain: aethex.app
Use this as the main entry point for users:
- User dashboard
- Application interface
- Profile management
### E-commerce Domain: aethex.shop
Use this for all commerce-related flows:
- Stripe checkout
- Payment success/cancel pages
- Order management
---
## Environment Variables Summary
Create `.env.production` with ALL OAuth credentials:
```bash
# OAuth Providers
DISCORD_CLIENT_ID=...
DISCORD_CLIENT_SECRET=...
GITHUB_CLIENT_ID=...
GITHUB_CLIENT_SECRET=...
ROBLOX_CLIENT_ID=...
ROBLOX_CLIENT_SECRET=...
TWITCH_CLIENT_ID=...
TWITCH_CLIENT_SECRET=...
MICROSOFT_CLIENT_ID=...
MICROSOFT_CLIENT_SECRET=...
MICROSOFT_TENANT_ID=consumers
# Stripe
STRIPE_SECRET_KEY=sk_live_...
STRIPE_PUBLISHABLE_KEY=pk_live_...
STRIPE_SUCCESS_URL=https://aethex.shop/upgrade/success
STRIPE_CANCEL_URL=https://aethex.shop/upgrade/cancel
# Supabase
SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co
SUPABASE_SERVICE_KEY=...
SUPABASE_ANON_KEY=...
VITE_SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co
VITE_SUPABASE_ANON_KEY=...
# Session
SESSION_SECRET=<generate-32-char-secret>
# General
NODE_ENV=production
OAUTH_REDIRECT_URI=https://aethex.app
PRIMARY_DOMAIN=aethex.app
AUTH_DOMAIN=aethex.tech
```
---
## Security Checklist
- [ ] All redirect URIs use HTTPS (except localhost)
- [ ] OAuth secrets are stored in environment variables, not code
- [ ] Session secret is strong (32+ characters) and unique
- [ ] CORS origins include all valid domains
- [ ] Rate limiting is configured for auth endpoints
- [ ] SSL certificates are valid and auto-renewing
- [ ] Redirect URIs exactly match configured values (including trailing slashes)
- [ ] Test OAuth flows on each domain before production deployment
---
## Troubleshooting
### "Redirect URI mismatch" error
**Cause:** The redirect URI doesn't match exactly
**Solution:**
1. Check the OAuth provider's dashboard
2. Ensure protocol matches (http vs https)
3. Ensure domain matches (including subdomain)
4. Check for trailing slashes
5. Verify the callback path (e.g., `/auth/discord/callback`)
### OAuth works on one domain but not another
**Cause:** Redirect URI not configured for that domain
**Solution:**
1. Add the redirect URI to the OAuth provider
2. Wait a few minutes for propagation
3. Clear browser cookies and try again
### Session not persisting across domains
**Cause:** Cookies are domain-specific
**Solution:**
1. This is expected behavior - sessions are isolated per domain
2. Use a shared auth domain (aethex.tech or aethex.id)
3. Implement token-based auth for cross-domain sessions
---
## Next Steps
1. Create OAuth applications for each provider
2. Add all redirect URIs to each provider
3. Copy client IDs and secrets to `.env.production`
4. Test OAuth flows on primary domains
5. Deploy and test on all domains
6. Monitor auth logs for errors
For deployment instructions, see `/DOMAIN_SETUP_GUIDE.md`.
Reference in a new issue View git blame Copy permalink