Aviato Tower & Identities
Sign in to every Aviato server and app with one account, while keeping your server list private from aviato.media.
Aviato Identity lets you sign in once and use every Aviato server and app you have access to. Sign in on your phone, your TV, or your desktop, and your servers are already there waiting. You never type a server address, a username, or a password into a TV remote again.
This page explains how Aviato Identity works, what Aviato Tower (the service that powers it) can and cannot see, and how to set it up.
How signing in works
You create an account on Aviato Tower at tower.aviato.media. Instead of a password, you use a passkey, the same kind of fingerprint, Face ID, or hardware key your bank and email already use. Most modern phones, laptops, and password managers support passkeys.
When you want to sign in to an Aviato app on a new device:
- The app shows you an 8-digit code.
- You open tower.aviato.media/pair on your phone or laptop and enter that code.
- You tap your passkey to confirm.
- The app is signed in. Every Aviato server you have access to appears in the app, no typing required.
On a desktop browser, you can also click a "Sign in with Aviato Identity" button instead of typing a code. If you are already signed in to Tower, the sign in completes in a single click.
Getting access to a server
Aviato servers are private. You only see a server if its owner has invited you. Aviato Identity does not change that. An admin still sends you an invite link. The invite link gives you two ways to accept:
- With Aviato Identity. Link your Aviato Identity to the server in one tap. Future sign ins use your passkey.
- With a username and password. Set up a local account on that server. You can link it to Aviato Identity later from Settings if you change your mind.
Either path is fully optional. Server admins can also create plain username and password invites that never touch Aviato Tower at all.
Privacy: what Aviato Tower can see, and what it cannot
Aviato Identity is built so aviato.media cannot spy on you, even if it wanted to. Your server list, server addresses, and library content are not visible to Aviato Tower in any usable form. This is done with encryption that happens on your device, before anything leaves it.
Here is what Aviato Tower knows about you:
- Your email address (used only for account recovery).
- Your passkeys (the public part, which proves it is really you when you sign in).
- The fact that you have an account, and roughly how many servers you have linked.
Here is what Aviato Tower cannot see, even with full access to its own database:
- Which servers you have access to.
- Where any of your servers live on the internet.
- Your library content, watch history, ratings, or anything inside a server.
- Your username on any individual server.
- Your preferences and settings for the servers and apps.
When you link a server to your Aviato Identity, the server details are encrypted in your browser before they reach Tower. The key that unlocks them is held by your passkey, using a feature that modern passkeys provide for exactly this purpose. Tower stores the encrypted blob and hands it back to you when you sign in. It never has the means to decrypt it.
Security: why Aviato Tower cannot impersonate you
A central sign in service is a tempting target. If someone breaks in, you would hope they cannot use that access to impersonate you on the servers you have linked. Aviato Identity is designed so that even a fully compromised Aviato Tower cannot sign in to your media servers as you.
When you first link a server to your Aviato Identity, your device creates an identity key that lives only inside your encrypted vault. Your media server learns the public half of this key and remembers it. From that moment on, the server only accepts sign ins that prove ownership of the matching private half. Tower never has the private half. Even a Tower employee with full database access cannot produce the signature your server requires.
When you sign in to a new app, the app creates its own credentials and gets a short-lived pass from your identity. The app talks to your servers directly with that pass. No further contact with Aviato Tower is needed to keep using your servers day to day.
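The check a media server could make on such a pass, as an added sketch that is not Aviato's own code. The pass layout, field names, Ed25519, the challenge step and the revoked-device set are assumptions; the pinned identity public key and the 60-day lifetime are taken from this page.

```javascript
// Added example (not Aviato code): server-side check of a device pass.
const crypto = require("node:crypto");

const PASS_LIFETIME_MS = 60 * 24 * 60 * 60 * 1000; // 60 days, as stated on the page

// Identity side: sign a pass that binds one device key to one server with an expiry.
function issuePass(identityPrivateKey, devicePublicKeyPem, serverId, now) {
  const claims = { device: devicePublicKeyPem, server: serverId, expires: now + PASS_LIFETIME_MS };
  const body = Buffer.from(JSON.stringify(claims));
  return { body, sig: crypto.sign(null, body, identityPrivateKey) };
}

// Server side: trust only the identity public key pinned when the account was linked.
function verifySignIn(pass, challenge, deviceSig, pinnedIdentityKey, serverId, revoked, now) {
  if (!crypto.verify(null, pass.body, pinnedIdentityKey, pass.sig)) return "bad-signature";
  const claims = JSON.parse(pass.body.toString()); // parsed only after the signature checks out
  if (claims.server !== serverId) return "wrong-server";
  if (now >= claims.expires) return "expired";
  if (revoked.has(claims.device)) return "revoked";
  // The device must also prove it holds the key named in the pass.
  if (!crypto.verify(null, challenge, claims.device, deviceSig)) return "bad-device-proof";
  return "ok";
}

function demoPass() {
  const identity = crypto.generateKeyPairSync("ed25519"); // private half lives in the vault
  const intruder = crypto.generateKeyPairSync("ed25519"); // stand-in for a compromised Tower
  const device = crypto.generateKeyPairSync("ed25519");   // the app's own credentials
  const devicePem = device.publicKey.export({ type: "spki", format: "pem" });
  const t0 = Date.UTC(2025, 0, 1);                        // constructed timestamp
  const challenge = crypto.randomBytes(32);
  const proof = crypto.sign(null, challenge, device.privateKey);
  const badProof = crypto.sign(null, challenge, intruder.privateKey);
  const good = issuePass(identity.privateKey, devicePem, "srv-1", t0);
  const forged = issuePass(intruder.privateKey, devicePem, "srv-1", t0);
  const check = (pass, sig, revoked, now) =>
    verifySignIn(pass, challenge, sig, identity.publicKey, "srv-1", revoked, now);
  return {
    genuine: check(good, proof, new Set(), t0 + 1000),
    forged: check(forged, proof, new Set(), t0 + 1000),
    expired: check(good, proof, new Set(), t0 + PASS_LIFETIME_MS),
    revoked: check(good, proof, new Set([devicePem]), t0 + 1000),
    stolenPass: check(good, badProof, new Set(), t0 + 1000),
  };
}
```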
A short summary of who can do what:
| Who | What they can see and do |
|---|---|
| Aviato Tower | Knows your email and passkeys. Holds encrypted blobs it cannot read. Cannot sign in to your servers as you. |
| A server admin | Knows you have access to that one server. Does not know what other servers you use. |
| Your apps and devices | Know your full server list, because they decrypted it locally on the device. |
What happens when Aviato Tower is offline
Aviato Tower is a broker, not a gatekeeper. After you sign in to an app, that app talks to your servers directly. If Tower is offline:
- Apps that are already signed in keep working with every server they have access to.
- Running servers keep accepting sign ins from devices whose pass is still valid.
- You cannot pair a brand new device or refresh a long expired pass until Tower is back.
Passes are valid for 60 days at a time and renew quietly in the background whenever you open an Aviato app. As long as you use your apps every couple of months, you never notice a renewal.
Multiple passkeys, lost passkeys, and recovery
You can add more than one passkey to your Aviato Identity. We recommend at least two: one on your phone (with your password manager) and one on your laptop or a hardware key. Any one of them can unlock your account.
When you add a passkey, the new passkey can also unlock your existing vault. When you remove a passkey, the vault gets a fresh encryption key and the removed passkey can no longer unlock anything.
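The vault behaviour described here and in the privacy section, as an added sketch that is not Aviato's own code: one vault key, wrapped once per passkey, and replaced when a passkey is removed. AES-256-GCM, HKDF, the blob layout and all names are assumptions, and the random 32-byte values stand in for the secret a passkey releases (assumed to come from the WebAuthn PRF extension). The sketch takes every remaining passkey's secret as input; the page does not say how re-wrapping works for passkeys that are not present.

```javascript
// Added example (not Aviato code): one vault key, wrapped once per passkey.
const crypto = require("node:crypto");

// AES-256-GCM helpers; the 12-byte IV and 16-byte tag travel with the ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  return Buffer.concat([iv, c.update(plaintext), c.final(), c.getAuthTag()]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}
// Key-encryption key derived from the secret a passkey releases at sign-in.
const kek = (passkeySecret) =>
  Buffer.from(crypto.hkdfSync("sha256", passkeySecret, Buffer.alloc(0), "vault-wrap", 32));

// What the service stores: ciphertext plus one wrapped copy of the vault key per passkey.
function createVault(servers, passkeys) {
  const vaultKey = crypto.randomBytes(32);
  const wrapped = {};
  for (const [id, secret] of Object.entries(passkeys)) wrapped[id] = seal(kek(secret), vaultKey);
  return { data: seal(vaultKey, Buffer.from(JSON.stringify(servers))), wrapped };
}
function unlock(vault, id, secret) {
  const vaultKey = open(kek(secret), vault.wrapped[id]);
  return JSON.parse(open(vaultKey, vault.data).toString());
}
// Removal re-encrypts under a fresh vault key, wrapped only for the remaining passkeys.
function removePasskey(vault, removeId, unlockId, passkeys) {
  const servers = unlock(vault, unlockId, passkeys[unlockId]);
  const rest = Object.fromEntries(Object.entries(passkeys).filter(([id]) => id !== removeId));
  return createVault(servers, rest);
}

function demoVault() {
  const passkeys = { phone: crypto.randomBytes(32), laptop: crypto.randomBytes(32) }; // constructed
  const v1 = createVault([{ name: "home", url: "https://media.example" }], passkeys);
  const v2 = removePasskey(v1, "laptop", "phone", passkeys);
  const oldKey = open(kek(passkeys.laptop), v1.wrapped.laptop); // removed passkey kept its old wrap
  let stale = "decrypted";
  try { open(oldKey, v2.data); } catch { stale = "rejected"; }
  return { viaLaptop: unlock(v1, "laptop", passkeys.laptop)[0].name,
           viaPhoneAfter: unlock(v2, "phone", passkeys.phone)[0].name,
           laptopWrapped: "laptop" in v2.wrapped, stale };
}
```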
If you lose every passkey at once, you can recover your account using the recovery codes shown when you first signed up. Save those codes somewhere safe. A printed copy or a password manager is fine.
Devices and revocation
Every app you sign in to becomes a device under your Aviato Identity. You can see the full list in Tower at Dashboard → Devices. Each entry shows the device name, the date it was paired, and when its pass expires.
If you lose a device, revoke it from this list. Revoking a device:
- Stops it from renewing its pass. The current pass expires within 60 days at the latest.
- Tells every server you can reach to refuse the device immediately, where possible.
For full safety on a stolen device, also change anything sensitive (banking, email) as you would with any lost device.
Linking an existing account
If you already have a username and password on an Aviato server, you can link that account to Aviato Identity from Settings → Profile → Link Aviato Identity. After you confirm:
- Your password on that server is cleared.
- Future sign ins use your Aviato Identity passkey.
- If you ever want to unlink, set a new password first, then unlink. This avoids locking yourself out.
Optional, not required
Aviato Identity is one way to sign in. It is not the only way. If you prefer to keep every server completely separate, you can. Servers continue to support local username and password accounts forever. Aviato Tower is only involved when you choose to use it.