Overview
Blueprint utilizes three primary methods of authentication:
- Email & Password: Uses access and refresh tokens for session management.
- Masquerade: Simulates a user's session using their User ID and a masquerade token.
- Expiring URL: Grants limited access for specific actions.
How is authentication handled in Blueprint?
Authentication in Blueprint is managed using the @krakentech/blueprint-auth package, which provides:
- Middleware
- API routes
- react-query hooks
- Custom GraphQL handler
- Browser cookies
This combination ensures a robust, scalable, and secure authentication solution.
For detailed implementation guidance, see the @krakentech/blueprint-auth step-by-step guide.
This section explains how Blueprint implements each authentication method. These methods are crucial for a secure authentication solution.
Which API routes are used for authentication?
There are 3 API routes used for authentication purposes:
- /api/auth/login: Authenticates users with email and password
- /api/auth/logout: Ends the user's session
- /api/auth/session: Manages session state and token refresh
Each of these routes is explained in detail in its own documentation section. For implementation details and API reference, see the @krakentech/blueprint-auth API reference.
How does Blueprint use Kraken for authentication?
Blueprint uses the obtainKrakenToken mutation to request authorisation tokens from Kraken. The API documentation details the different errors this can raise.
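The following is an added example, not code from @krakentech/blueprint-auth, of how a login route could exchange credentials through obtainKrakenToken and keep the resulting access and refresh tokens in browser cookies. The input type name, the selected fields, the cookie names and the lifetimes are assumptions, and the sample responses are constructed.

```javascript
// Added example; assumed: mutation field names, cookie names and lifetimes.
const OBTAIN_TOKEN = `
  mutation Login($input: ObtainJSONWebTokenInput!) {
    obtainKrakenToken(input: $input) { token refreshToken }
  }`;

const ACCESS_MAX_AGE = 60 * 60;           // assumed access-token lifetime (s)
const REFRESH_MAX_AGE = 7 * 24 * 60 * 60; // assumed refresh-token lifetime (s)

// Credentials travel as GraphQL variables, never spliced into the query text.
function buildTokenRequest(email, password) {
  return JSON.stringify({ query: OBTAIN_TOKEN, variables: { input: { email, password } } });
}

// HttpOnly keeps the token away from page scripts; Secure restricts it to HTTPS.
function sessionCookie(name, value, maxAge) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Max-Age=${maxAge}; HttpOnly; Secure; SameSite=Lax`;
}

// Turn the parsed GraphQL response into what the login route sends back.
function handleTokenResponse(res) {
  // GraphQL failures arrive in `errors`, usually alongside HTTP 200.
  if (res && Array.isArray(res.errors) && res.errors.length > 0) {
    // This example maps every upstream error to one generic 401 so the
    // caller cannot learn whether the email or the password was wrong.
    return { status: 401, cookies: [], body: { error: "Invalid credentials" } };
  }
  const t = res && res.data && res.data.obtainKrakenToken;
  if (!t || typeof t.token !== "string" || typeof t.refreshToken !== "string") {
    return { status: 502, cookies: [], body: { error: "Authentication unavailable" } };
  }
  return {
    status: 200,
    cookies: [
      sessionCookie("accessToken", t.token, ACCESS_MAX_AGE),
      sessionCookie("refreshToken", t.refreshToken, REFRESH_MAX_AGE),
    ],
    body: { authenticated: true }, // tokens stay out of the JSON body
  };
}

// Constructed sample responses (not real Kraken output).
const okSample = { data: { obtainKrakenToken: { token: "aaa.bbb.ccc", refreshToken: "r3fr3sh" } } };
const badSample = { data: null, errors: [{ message: "constructed error" }] };
console.log(handleTokenResponse(okSample).cookies);
console.log(handleTokenResponse(badSample).status);
```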