Authentication

2.1 Overview

Bike4Mind provides a secure, extensible authentication system designed to support both enterprise-scale identity providers and developer-friendly access patterns. All authentication flows are built with session security, traceability, and OAuth2 compatibility in mind.

2.2 Supported Authentication Providers

Bike4Mind natively supports the following OAuth2/OIDC-based identity providers:

  • Okta (Enterprise SSO via SAML/OIDC)
  • Google
  • GitHub

Additional providers may be integrated upon request or through standard OAuth2 configuration via the platform's authentication layer.

2.3 Token-Based Session Management

All authenticated sessions in Bike4Mind are managed using JWT (JSON Web Token) infrastructure with the following characteristics:

  • Access Token: Short-lived token presented on each API call.
  • Refresh Token: Longer-lived token used to obtain a new access token without re-authenticating.
  • Token Expiry:
    • Access Token: ~1 day by default (configurable)
    • Refresh Token: ~2 days by default (configurable)
  • Token Rotation: Each refresh issues a new refresh token and retires the one that was presented, so a refresh token that was captured earlier cannot be replayed once the legitimate client has used it.

JWTs are cryptographically signed, and the backend middleware verifies the signature and expiry on every request. Tokens are never stored in localStorage, which keeps them out of reach of script injected through XSS. Because a signed access token stays valid until its expiry unless the middleware also consults a revocation list, deployments that need prompt revocation (for example on logout or IdP deprovisioning) should shorten the access-token lifetime from the default.
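The following is an added illustration of the token model described above, written for this page and not taken from Bike4Mind's code: HS256 signing and verification of access and refresh tokens, single-use refresh tokens tied to a session "family", and revocation of the whole family when an already-rotated refresh token is presented again (the replay case the rotation is meant to catch). The claim names "use", "jti" and "fam", the lifetimes and the key are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

# Assumed defaults matching the lifetimes quoted above; both are configurable in a
# real deployment and shorter access-token lifetimes are preferable.
ACCESS_TTL = 24 * 3600
REFRESH_TTL = 48 * 3600


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Produce a compact HS256 JWS: base64url(header).base64url(claims).base64url(sig)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes, now: int) -> dict:
    """Check alg, signature and exp (in that order); return the claims or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, body, sig = parts
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # refuses alg=none and algorithm confusion
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims


class SessionStore:
    """Server-side record of live refresh tokens, grouped into families for reuse detection."""

    def __init__(self, key: bytes):
        self.key = key
        self.live = {}  # refresh-token jti -> family id
        self.revoked_families = set()

    def issue(self, sub: str, now: int, family: Optional[str] = None) -> Tuple[str, str]:
        family = family or secrets.token_hex(8)
        jti = secrets.token_hex(16)
        base = {"sub": sub, "iat": now}
        access = sign_jwt({**base, "use": "access", "exp": now + ACCESS_TTL}, self.key)
        refresh = sign_jwt(
            {**base, "use": "refresh", "jti": jti, "fam": family, "exp": now + REFRESH_TTL}, self.key
        )
        self.live[jti] = family
        return access, refresh

    def refresh(self, refresh_token: str, now: int) -> Tuple[str, str]:
        claims = verify_jwt(refresh_token, self.key, now)
        if claims.get("use") != "refresh":
            raise ValueError("not a refresh token")  # an access token cannot be used to refresh
        fam = claims["fam"]
        if fam in self.revoked_families:
            raise ValueError("session revoked")
        if claims["jti"] not in self.live:
            # A validly signed, unexpired refresh token that was already rotated away:
            # someone replayed a stale token, so every token in the family is revoked.
            self.revoked_families.add(fam)
            self.live = {j: f for j, f in self.live.items() if f != fam}
            raise ValueError("refresh token reuse detected; session revoked")
        del self.live[claims["jti"]]  # rotation: each refresh token is single-use
        return self.issue(claims["sub"], now, family=fam)


def rejection_reason(fn, *args) -> Optional[str]:
    """Demonstration helper: the ValueError message if the call is refused, else None."""
    try:
        fn(*args)
        return None
    except ValueError as exc:
        return str(exc)
```

The order of checks in verify_jwt matters: the algorithm is pinned before the signature is checked, and the signature is checked before any claim is trusted, so an unsigned or re-signed token never reaches the expiry or session logic.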

2.4 Login and Session Auditing

All authentication-related activities are fully auditable:

  • Login and logout events
  • Token issuance, refresh, and expiration
  • Failed login attempts and invalid credentials
  • OAuth2 provider callbacks and identity token exchanges

These audit trails are accessible through the Bike4Mind admin dashboard and are optionally exportable for integration with enterprise SIEM or log aggregation tools.
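As an added example of what a SIEM or log pipeline can do with the events listed above (not Bike4Mind's own tooling), the detector below runs over a constructed sample of JSON-lines audit events. The event names and field layout are assumptions for the illustration. It flags a burst of failed logins from one source IP in a sliding window, a successful login from a source already flagged, and a reported refresh-token reuse.

```python
import json
from collections import defaultdict, deque

# Constructed sample of audit events, not output captured from a real deployment.
SAMPLE_AUDIT_LOG = """
{"ts": 1700000000, "event": "login.failed", "user": "alice", "ip": "203.0.113.7", "reason": "invalid_credentials"}
{"ts": 1700000010, "event": "login.failed", "user": "alice", "ip": "203.0.113.7", "reason": "invalid_credentials"}
{"ts": 1700000015, "event": "login.failed", "user": "bob", "ip": "198.51.100.4", "reason": "invalid_credentials"}
{"ts": 1700000020, "event": "login.failed", "user": "bob", "ip": "203.0.113.7", "reason": "invalid_credentials"}
{"ts": 1700000030, "event": "login.failed", "user": "alice", "ip": "203.0.113.7", "reason": "invalid_credentials"}
{"ts": 1700000040, "event": "login.failed", "user": "carol", "ip": "203.0.113.7", "reason": "invalid_credentials"}
{"ts": 1700000055, "event": "login.success", "user": "alice", "ip": "203.0.113.7", "provider": "google"}
{"ts": 1700000090, "event": "login.success", "user": "bob", "ip": "198.51.100.4", "provider": "okta"}
{"ts": 1700000120, "event": "token.refresh.reuse", "user": "alice", "ip": "203.0.113.7", "jti": "c0ffee"}
"""


def parse_audit_log(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events: list, threshold: int = 5, window: int = 60) -> list:
    """Return alerts as (kind, ip, ts) tuples in time order.

    bruteforce: `threshold` failed logins from one IP within a sliding `window` (seconds).
    success_after_bruteforce: a login succeeds from an IP that was already flagged.
    refresh_reuse: the platform reported a rotated refresh token being presented again.
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        ip, ts, kind = e["ip"], e["ts"], e["event"]
        if kind == "login.failed":
            q = failures[ip]
            q.append(ts)
            while ts - q[0] > window:  # evict failures that fell out of the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, ts))
        elif kind == "login.success" and ip in flagged:
            alerts.append(("success_after_bruteforce", ip, ts))
        elif kind == "token.refresh.reuse":
            alerts.append(("refresh_reuse", ip, ts))
    return alerts


def alerts_for(text: str = SAMPLE_AUDIT_LOG, **kwargs) -> list:
    return detect(parse_audit_log(text), **kwargs)
```

The single failure from 198.51.100.4 never reaches the threshold, so the later success from that address raises nothing; the success from 203.0.113.7 does, because it follows a flagged burst.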

2.5 Session Security Best Practices

Bike4Mind enforces several session security mechanisms by default:

  • Session cookies carrying the Secure and HttpOnly attributes (when cookie-based sessions are configured)
  • CSRF protection for form-based login flows
  • Strict CORS configurations
  • Same-origin checks and referer validation
  • Optional IP and device fingerprinting (for high-security environments)
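The following is an added illustration of three of the mechanisms in that list (cookie attributes, same-origin/Referer validation, and CSRF protection for form-based flows), written for this page rather than taken from Bike4Mind. The cookie names, the allowed origin and the double-submit CSRF scheme are assumptions for the example.

```python
import hmac
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumed deployment values; substitute the real front-end origin(s).
ALLOWED_ORIGINS = {"https://app.example.com"}
SESSION_COOKIE = "b4m_session"
CSRF_COOKIE = "b4m_csrf"


def session_cookie_header(token: str, max_age: int, secure: bool = True) -> str:
    """Set-Cookie value for a session cookie that page scripts cannot read (HttpOnly)
    and that is only sent over TLS (Secure); SameSite=Lax keeps it off cross-site POSTs."""
    attrs = [f"{SESSION_COOKIE}={token}", "Path=/", f"Max-Age={max_age}", "HttpOnly", "SameSite=Lax"]
    if secure:
        attrs.append("Secure")
    return "; ".join(attrs)


def _origin_of(url: str) -> Optional[str]:
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else None


def check_state_changing_request(method: str, headers: dict, cookies: dict,
                                 allowed=ALLOWED_ORIGINS) -> Tuple[bool, str]:
    """Return (allowed, reason) for a request that may change state.

    Source check: prefer the Origin header, fall back to the Referer's origin, and fail
    closed when neither is present (a missing header is not evidence of same-origin).
    CSRF check: double-submit, the X-CSRF-Token header must equal the CSRF cookie,
    compared in constant time.
    """
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}
    source = h.get("origin") or _origin_of(h.get("referer", ""))
    if source is None:
        return False, "no Origin or Referer"
    if source not in allowed:  # also rejects the literal "null" origin
        return False, f"origin {source} not allowed"
    sent, expected = h.get("x-csrf-token", ""), cookies.get(CSRF_COOKIE, "")
    if not expected or not hmac.compare_digest(sent.encode(), expected.encode()):
        return False, "csrf token mismatch"
    return True, "ok"
```

Safe methods are exempted only because they must not change state; a handler that mutates on GET defeats both the SameSite=Lax attribute and this check.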

2.6 Extensibility and Custom Requirements

For customers with specific identity governance requirements, Bike4Mind supports:

  • Custom identity provider configuration (via environment variables or secrets)
  • Allow-listed login domains (only accounts from configured email domains may sign in)
  • Role-based access mapping from external IdPs (e.g., Okta group claims)
  • Multi-factor authentication (via external IdP)
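As an added example of the last three items together (not Bike4Mind's implementation), the function below turns already-verified OIDC ID-token claims into a local identity: it enforces the login-domain allow-list with an exact match on the part after the last "@", relies on the IdP's amr claim for the MFA requirement, and maps IdP group claims to roles, failing closed when nothing maps. The domain list, the group names, the role names and the shape of the groups/amr claims are assumptions for the illustration.

```python
from typing import Optional

# Assumed tenant configuration; the group names stand in for whatever IdP groups
# an administrator maps for a real tenant.
ALLOWED_LOGIN_DOMAINS = {"example.com", "corp.example.com"}
GROUP_TO_ROLE = {
    "b4m-admins": "admin",
    "b4m-analysts": "analyst",
    "Everyone": "viewer",
}


def map_identity(claims: dict, allowed_domains=ALLOWED_LOGIN_DOMAINS,
                 group_map=GROUP_TO_ROLE, require_mfa: bool = True) -> dict:
    """Turn verified ID-token claims into a local identity, failing closed.

    The domain check compares the full part after the last '@' exactly, so
    'alice@example.com.attacker.net' does not match 'example.com'. MFA is
    enforced through the IdP's amr claim rather than locally. Groups without a
    mapping grant nothing, and an identity with no mapped group is refused.
    """
    email = claims.get("email", "").strip().lower()
    if "@" not in email or email.rsplit("@", 1)[1] not in allowed_domains:
        raise PermissionError("login domain not allowed")
    if not claims.get("email_verified", False):
        raise PermissionError("email not verified by IdP")
    if require_mfa and "mfa" not in claims.get("amr", []):
        raise PermissionError("MFA not satisfied at IdP")
    roles = sorted({group_map[g] for g in claims.get("groups", []) if g in group_map})
    if not roles:
        raise PermissionError("no mapped groups")
    return {"sub": claims["sub"], "email": email, "roles": roles}


def denial_reason(claims: dict, **kwargs) -> Optional[str]:
    """Demonstration helper: the PermissionError message if login is refused, else None."""
    try:
        map_identity(claims, **kwargs)
        return None
    except PermissionError as exc:
        return str(exc)


# Constructed claims in the shape an OIDC provider such as Okta can return
# (groups via a groups claim, amr listing the authentication methods used).
OKTA_STYLE_CLAIMS = {
    "sub": "00u1abcd",
    "email": "Alice@Example.com",
    "email_verified": True,
    "amr": ["pwd", "mfa"],
    "groups": ["Everyone", "b4m-admins", "finance-unmapped"],
}
```

The email is normalised to lower case before the domain comparison so that case differences at the IdP cannot produce two distinct local identities for one account.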

2.7 Summary

Bike4Mind’s authentication system provides secure, auditable, and extensible identity management suitable for enterprise deployments. It supports both cloud-native workflows and private cloud SSO environments while offering traceability and policy enforcement for session activity.