Yes. Needle Engine runs as part of a standard web page or web application. It does not handle authentication directly, but you can implement authentication using standard web practices and connect it to your app.

How it works:

1. Your surrounding web application - the page where Needle is used - handles the authentication flow (e.g., redirecting to an OAuth provider like Google, Azure AD, Auth0, Okta; or handling JWT tokens).
2. Once the user is authenticated, your application’s frontend code has access to user information or tokens.
3. You can use this authentication status to:
   • Control access to the Needle Engine experience itself.
   • Pass user information or tokens to Needle Engine components and scripts if needed, for example to personalize the experience or make authenticated API calls from within the 3D scene
   • Secure backend API calls made from your Needle application using bearer tokens or session cookies.

Essentially, Needle Engine operates within the security context established by your broader web application.