Auth

Using EIP-4361 (Sign in with Ethererum) standard, you can authenticate users to your backend using only their wallet. This is a secure and easy way to authenticate users without requiring them to create an additional account.

Usage

Client Functions

import { signLoginPayload } from 'thirdweb/auth';
// 1. fetch a login payload from your server
const result = await fetch(...);
const loginPayload = await result.json();
// 2. sign the login payload with the user's account
const signature = await signLoginPayload({ payload: loginPayload, account });
// 3. send the login payload and signature to your server
const result = await fetch(...);
const verifiedPayload = await result.json();

How you store and maintain a user session is up to you, but our recommended approach is to store a JWT token in a cookie that is verified on the server. The server functions below include utility functions to generate and verify the JWT.

In order to generate and verify the JWT you will also need an EOA private key. This private key's wallet does not need to hold any funds, it is only used for signing.

Server Functions

import { createThirdwebClient } from "thirdweb";
import { createAuth } from "thirdweb/auth";
import { privateKeyToAccount } from "thirdweb/wallets";
const privateKey = process.env.THIRDWEB_PRIVATE_KEY;
const thirdwebClient = createThirdwebClient({
secretKey: process.env.THIRDWEB_SECRET_KEY;
});
const auth = createAuth({
domain: "localhost:3000",
client: thirdwebClient,
adminAccount: privateKeyToAccount({client, privateKey})
});
// 1. generate a login payload for a client on the server side
const loginPayload = await auth.generatePayload({ address: "0x123..." });
// 2. send the login payload to the client to sign
// 3. verify the login payload and signature that the client sends back later
const verifiedPayload = await auth.verifyPayload({
payload: loginPayload,
signature: "0x123...",
});
// 4. generate a JWT for the client
const jwt = await auth.generateJWT({ payload: verifiedPayload });
// 5. set the JWT as a cookie or otherwise provide it to the client
// 6. authenticate the client based on the JWT on subsequent calls
const { valid, parsedJWT } = await auth.verifyJWT({ jwt });

Example Repos

Auth + Next.js

A working example of Auth + Next.js

Auth + Express

A working example of a React + Express app using Auth