Phase 3: The Switchover - Quick Start

Status: ✅ IMPLEMENTATION COMPLETE

The Phase 3 implementation is complete and ready for deployment. aethex.dev is now configured to act as an OAuth client of aethex.foundation, making Foundation the single source of truth for user identity.

What You Need To Know

Before Foundation Migrate

• aethex.dev handled all authentication (Discord OAuth, email/password)

• User identity was distributed across multiple systems

• Each application had its own auth logic

After Phase 3 Deployed

• aethex.foundation is the authoritative identity provider

• aethex.dev redirects users to Foundation for authentication

• All Discord connections handled by Foundation

• User profiles synchronized from Foundation to aethex.dev

Quick Setup

Step 1: Set Environment Variables

Add to your .env or deployment configuration:

Note: The FOUNDATION_OAUTH_CLIENT_SECRET will be provided after Foundation's Phase 1 setup is complete.

Step 2: Deploy Phase 3 Code

The following files are new and handle Foundation OAuth:

Client-side:

• code/client/lib/foundation-oauth.ts - OAuth flow

• code/client/lib/foundation-auth.ts - Token management

• code/client/hooks/use-foundation-auth.ts - React hooks

• code/client/pages/Login.tsx - UPDATED with Foundation button

Server-side:

• code/api/auth/foundation-callback.ts - OAuth callback handler

• code/api/auth/exchange-token.ts - Token exchange endpoint

Step 3: Test the Flow

1. Navigate to https://aethex.dev/login

2. Click "Login with Foundation" button

3. You should be redirected to aethex.foundation/api/oauth/authorize

4. After authentication, redirected back to aethex.dev dashboard

5. ✅ You're authenticated!

Key Changes in This Phase

Login Page

• Old: Discord button redirected to local /api/discord/oauth/start

• New: "Login with Foundation" button redirects to aethex.foundation

Authentication Flow

• Old: Local Supabase auth → Discord OAuth locally → Session on aethex.dev

• New: Redirect to Foundation → User auth on Foundation → Session on aethex.dev with Foundation token

User Profile

• Old: Stored directly in aethex.dev's Supabase

• New: Synced from Foundation's Supabase to aethex.dev's local copy

Discord Management

• Old: aethex.dev handled all Discord connections

• New: Foundation handles all Discord connections; aethex.dev consumes the result

Important Files

New Components (Phase 3 Specific)

Configuration Files

Testing Checklist

Before going live:

• Environment variables set (VITE_FOUNDATION_URL, FOUNDATION_OAUTH_CLIENT_SECRET)

• Foundation OAuth credentials obtained from Foundation admin

• Login page displays "Login with Foundation" button

• Clicking button redirects to Foundation

• Foundation authentication works (manual test)

• Callback returns to aethex.dev with authorization code

• Code is exchanged for access token

• User profile appears in local database

• Dashboard loads and shows correct user

• Logout works and clears session

• Re-login works smoothly

• Error handling works (test with invalid code, expired code, etc.)

• Tested on multiple browsers (Chrome, Firefox, Safari, Edge)

• Staging environment test passed

• Team sign-off obtained

See PHASE3-TESTING-PLAN.md for detailed testing procedures.

What Happens to Discord OAuth?

Discord OAuth is now managed entirely by aethex.foundation.

• Users no longer click Discord button on aethex.dev

• They click "Login with Foundation" on aethex.dev

• Foundation handles Discord OAuth if user chooses it

• Foundation issues a token to aethex.dev

• aethex.dev accepts the token

Result: Simplified Corp-side code, centralized identity management

User Experience After Phase 3

For New Users

1. Visit aethex.dev/login

2. See "Login with Foundation" button (primary option)

3. Click it

4. Redirected to aethex.foundation to create account or login

5. After auth, returned to aethex.dev dashboard

6. Complete onboarding with pre-filled Foundation data

For Existing Users

1. Existing sessions will be cleared (they had aethex.dev Supabase tokens)

2. They'll be redirected to login page

3. They click "Login with Foundation"

4. Foundation verifies them (Foundation has their data from Phase 2)

5. They're logged in on aethex.dev with Foundation's token

6. Experience continues seamlessly

Architecture After Phase 3

Reverting Phase 3 (If Needed)

If critical issues arise:

1. Revert code:

2. Restore environment:

   • Remove VITE_FOUNDATION_URL

   • Remove FOUNDATION_OAUTH_CLIENT_SECRET

3. Tell users:

   • "We've temporarily disabled Foundation integration"

   • "Please use local login or Discord OAuth"

4. Keep old endpoints:

   • Don't delete /api/discord/oauth/* endpoints yet

   • They'll still work if code is reverted

Deployment Recommendations

Staging Deployment (First)

1. Deploy Phase 3 code to staging

2. Set Foundation OAuth credentials on staging

3. Test according to PHASE3-TESTING-PLAN.md

4. Get team approval

5. Monitor staging for 24 hours

Production Deployment

1. Create backup of current auth system

2. Deploy Phase 3 code gradually (canary deployment if possible)

3. Set Foundation OAuth credentials in production

4. Monitor authentication metrics closely

5. Have rollback plan ready

6. Communicate with users

Monitoring

• Auth success rate (target >99%)

• Token exchange time (target <2s)

• Error messages in logs

• User support tickets

• Foundation connectivity

FAQ

Q: Do existing users need to do anything? A: No, but their old sessions will be cleared. They'll be redirected to Foundation login.

Q: What if Foundation is down? A: Users can't login. Have a communication plan ready.

Q: Can I test without Foundation setup? A: Yes, set VITE_FOUNDATION_URL to a test instance with test credentials.

Q: What about API keys and integrations? A: They remain on aethex.dev. Use Foundation tokens for user identification.

Q: How do I get the Foundation OAuth client secret? A: After Foundation's Phase 1 setup, request it from the Foundation admin.

Q: Can users still use email/password to login? A: Only if Foundation supports it. aethex.dev redirects to Foundation for all auth.

Q: What about Discord linking from aethex.dev? A: Users link Discord on Foundation instead. No linking needed on aethex.dev.

Next Steps

Week 1: Setup

1. ✅ Code implemented (DONE)

2. ⏳ Get Foundation OAuth credentials

3. ⏳ Set environment variables

4. ⏳ Deploy to staging

Week 2: Testing

1. ⏳ Test complete auth flow

2. ⏳ Test error scenarios

3. ⏳ Test on multiple browsers

4. ⏳ Load testing if needed

5. ⏳ Get team approval

Week 3: Deployment

1. ⏳ Deploy to production

2. ⏳ Monitor closely for issues

3. ⏳ Document any bugs found

4. ⏳ Communicate with users

Week 4+: Optimization

1. ⏳ Remove old Discord OAuth endpoints

2. ⏳ Optimize token handling

3. ⏳ Update documentation

4. ⏳ Plan Phase 4 features

Documentation

Detailed documentation available:

• PHASE3-SWITCHOVER-GUIDE.md - Complete implementation guide with architecture diagrams

• PHASE3-IMPLEMENTATION-SUMMARY.md - What was changed and why

• PHASE3-TESTING-PLAN.md - How to test each scenario

• PHASE3-README.md - THIS FILE

Support

If you encounter issues:

1. Check logs:

   • Foundation callback logs (Vercel deployment)

   • Token exchange errors

   • Profile sync failures

2. Verify environment:

   • VITE_FOUNDATION_URL is correct

   • FOUNDATION_OAUTH_CLIENT_SECRET is correct

   • Foundation service is running

3. Test manually:

   • Use curl to test token endpoint

   • Check database for user profiles

   • Inspect cookies in browser

4. Escalate if needed:

   • Contact Foundation admin for OAuth issues

   • Check infrastructure logs

   • Review network connectivity

Status: ✅ Phase 3 Implementation Complete & Ready for Testing

Once you obtain Foundation OAuth credentials and complete testing, you'll be ready to make aethex.foundation the official identity provider for your Aethex ecosystem.

Questions? See detailed guides in code/docs/PHASE3-* files.