Authentication

OnionAI uses secure, session-based authentication. This page covers sign-in, session handling, and how to keep your workspace secure.

Sign in with GitHub

We use GitHub OAuth for sign-in. When you visit the sign-in page, you’re redirected to GitHub to authorize the app. After approval, we create a session and associate it with your account. We do not store your GitHub password; we only receive and store the information GitHub provides (e.g. name, email, avatar) according to our privacy policy.

Sessions

Sessions are stored in HTTP-only cookies and are validated on each request. Session lifetime and refresh behavior are configured server-side. If you sign out or your session expires, you’ll need to sign in again to access protected routes (e.g. dashboard and chats).
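
A minimal sketch of the session flow described above, added here as an illustration and not OnionAI's own code. The cookie name, the one-hour lifetime, the Secure and SameSite attributes, and the in-memory store are assumptions; the page only states that cookies are HTTP-only and validated on each request.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "session"   # hypothetical cookie name
SESSION_TTL = 3600        # assumed lifetime in seconds; the page does not state one
_sessions = {}            # session id -> (user, expiry); stand-in for a server-side store


def create_session(user, now=None):
    """Issue an opaque random session id and return the Set-Cookie header value."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = (user, now + SESSION_TTL)
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    morsel = cookie[COOKIE_NAME]
    morsel["httponly"] = True      # not readable from page JavaScript
    morsel["secure"] = True        # assumption: only sent over HTTPS
    morsel["samesite"] = "Lax"     # assumption: withheld from cross-site subrequests
    morsel["path"] = "/"
    morsel["max-age"] = SESSION_TTL
    return morsel.OutputString()


def _session_id(cookie_header):
    """Extract the session id from a Cookie header, or None if absent or malformed."""
    try:
        cookie = SimpleCookie()
        cookie.load(cookie_header or "")
    except CookieError:
        return None
    morsel = cookie.get(COOKIE_NAME)
    return morsel.value if morsel is not None else None


def validate_request(cookie_header, now=None):
    """Run on every request: return the user, or None so the caller redirects to sign-in."""
    now = time.time() if now is None else now
    sid = _session_id(cookie_header)
    entry = _sessions.get(sid)
    if entry is None or now >= entry[1]:
        _sessions.pop(sid, None)   # unknown or expired: drop any server-side state
        return None
    return entry[0]


def sign_out(cookie_header):
    """Invalidate the session server-side so a copied cookie stops working."""
    _sessions.pop(_session_id(cookie_header), None)
```

Because the cookie carries only a random identifier, expiry and sign-out are enforced by the server-side lookup rather than by anything the browser holds.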

Securing your workspace

  • Use a strong GitHub account: Enable 2FA on GitHub to protect the account used for sign-in.
  • Sign out on shared devices: Use the sign-out option when you’re done on a shared or public machine.
  • Integration credentials: Stored credentials (e.g. API keys for Elasticsearch) are encrypted and scoped to your user. See Security & Compliance for details.
