# Trollbox Auth Spec

Date: 2026-05-23  
Status: limited-preview product spec

## Goal

The trollbox should feel instant, but identity should be clear enough to reduce impersonation and make useful community work routable.

Preview mode stores identity and messages in browser `localStorage`. Production should replace this with provider-authenticated identity and moderated realtime storage.

## Supported Login Providers

- X / Twitter OAuth
- Reddit OAuth
- Telegram Login
- Discord OAuth

## Unified Identity Record

Each provider should resolve into one internal profile record:

- `profile_id`
- `provider`
- `provider_user_id`
- `display_name`
- `handle`
- `avatar_url`
- `verified_at`
- `last_seen_at`
- `roles`
- `moderation_state`

The public trollbox message should show the provider label and display nickname, not private tokens or raw auth payloads.

## Message Record

- `message_id`
- `profile_id`
- `provider`
- `nickname`
- `body`
- `created_at`
- `room_id`
- `reply_to_message_id`
- `moderation_state`
- `source_context`

## Message Bridge

Telegram, Discord and the web trollbox should connect through one moderated relay service instead of posting directly into each other.

Inbound routes:

- Telegram group/channel -> Telegram bot -> Message Relay -> Trollbox room
- Discord channel/thread -> Discord bot -> Message Relay -> Trollbox room
- Web trollbox -> Trollbox backend -> Message Relay

Outbound routes:

- Message Relay -> Telegram bot -> approved Telegram group/channel
- Message Relay -> Discord bot -> approved Discord channel/thread

Relay envelope:

- `relay_message_id`
- `source_provider`
- `source_room_id`
- `source_message_id`
- `source_author_id`
- `canonical_profile_id`
- `display_nickname`
- `body`
- `created_at`
- `dedupe_hash`
- `moderation_state`
- `reply_context`

Bridge rules:

- Only approved Telegram chats and Discord channels can relay into the public trollbox.
- Only verified web profiles can cross-post out to Telegram or Discord.
- Provider IDs stay private; public UI shows provider label and nickname.
- Relay should deduplicate messages to prevent echo loops.
- Deletions, bans and moderation actions should propagate where platform APIs allow it.
- Every bridged message keeps source provider, source room and source message id for audit.
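
The bridge rules above, sketched as an added example (not code from this project): a relay that checks the source allowlist, drops duplicates and bot echoes by `dedupe_hash`, gates outbound cross-posting on verification, and projects envelopes to public fields only. Assumptions: the hash input (provider, room id, message id), the `"ok"` moderation value, the room ids, the function and class names, and the in-memory `seen` set, which a deployment would replace with a shared store with expiry.

```python
import hashlib

# Constructed allowlist; real room ids come from deployment config.
APPROVED_SOURCES = {("telegram", "tg-room-1"), ("discord", "dc-chan-1"), ("web", "lobby")}
PUBLIC_FIELDS = ("relay_message_id", "source_provider", "display_nickname", "body", "created_at")


def dedupe_hash(provider: str, room_id: str, message_id: str) -> str:
    """Hash the origin triple; length prefixes keep ("a", "bc") distinct from ("ab", "c")."""
    h = hashlib.sha256()
    for part in (provider, room_id, message_id):
        raw = part.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()


class Relay:
    def __init__(self, approved=APPROVED_SOURCES):
        self.approved = set(approved)
        self.seen = set()  # hashes already relayed, or posted by our own bots

    def ingest(self, env: dict) -> str:
        """Return 'accepted', 'duplicate' or 'rejected_unapproved_source'."""
        if (env["source_provider"], env["source_room_id"]) not in self.approved:
            return "rejected_unapproved_source"
        key = dedupe_hash(env["source_provider"], env["source_room_id"], env["source_message_id"])
        if key in self.seen:
            return "duplicate"
        self.seen.add(key)
        env["dedupe_hash"] = key  # stored on the envelope for audit
        return "accepted"

    def record_outbound(self, provider: str, room_id: str, platform_message_id: str) -> None:
        """Register the copy a bot just posted so its echo is dropped on the way back in."""
        self.seen.add(dedupe_hash(provider, room_id, platform_message_id))


def may_cross_post(profile: dict) -> bool:
    """Outbound gate: only verified profiles in good standing ('ok' is an assumed value)."""
    return bool(profile.get("verified_at")) and profile.get("moderation_state") == "ok"


def public_view(env: dict) -> dict:
    """Project an envelope onto the fields the public UI may show (no provider ids)."""
    return {k: env[k] for k in PUBLIC_FIELDS if k in env}
```

The bot calls `record_outbound` with the message id the platform returns after posting, which is what breaks the web -> Discord -> web loop.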

## Moderation Rules

- No seed phrases, private keys, mnemonics or recovery files.
- No impersonation or fake official support.
- No scam links, private invite bait or wallet-drainer flows.
- No price pumping, investment advice or unsupported claims.
- Useful threads can be promoted into Work Board tasks, Pulse items or Network Embassy asks.

## Production Architecture

- Auth gateway handles OAuth / Telegram Login callback validation.
- Backend signs a first-party session cookie.
- Realtime room uses a moderated message store.
- Telegram bot and Discord bot publish to the same message relay.
- Rate limits apply per profile and IP.
- Messages can be reported into the Safety Desk.
- Moderators can hide, lock, slow-mode or escalate threads.

## Launch Gate

Public launch requires:

- provider callback URLs configured
- session security review
- moderation roles assigned
- report flow connected to Safety Desk
- rate limits and spam controls
- privacy policy updated for provider identity data
