Skip to main content

Custom Authentication

Custom Authentication is a way to authenticate users with your custom authentication service. For example, while authenticating with Google, you can use your own Google Client ID to authenticate users directly.

This feature, with MFA turned off, can even make Web3Auth invisible to the end user.

note

This is a paid feature and the minimum pricing plan to use this SDK in a production environment is the Growth Plan. You can use this feature in Web3Auth Sapphire Devnet network for free.

Getting an Auth Connection ID

prerequisite

To enable this, you need to Create a Connection from the Authentication tab of your project from the Web3Auth Developer Dashboard with your desired configuration.

To configure a connection, you need to provide the particular details of the connection into our Web3Auth Dashboard. This enables us to map a authConnectionId with your connection details. This authConnectionId helps us to identify the connection details while initializing the SDK. You can configure multiple connections for the same project, and you can also update the connection details anytime.

tip

Visit the Auth Provider Setup page to learn more about to setup the different configurations available for each connection.

The basic custom authentication is available directly in the modal. You can configure each of the auth providers in the modal to direct to your authConnectionId.

note

You can only configure implicit login via modal, for JWT based logins, you need to create your own UI and use the connectTo function.

For the modal custom authentication, you need to pass the modalConfig object to the Web3AuthOptions object within the constructor.

Read more about the modalConfig object in the Whitelabel section.

Usage

import { Web3Auth, WALLET_CONNECTORS, WEB3AUTH_NETWORK } from "@web3auth/modal";

const web3auth = new Web3Auth({
  clientId: "YOUR_CLIENT_ID",
  web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET,
  modalConfig: {
    connectors: {
      [WALLET_CONNECTORS.AUTH]: {
        label: "auth",
        loginMethods: {
          google: {
            name: "google login",
            authConnectionId: "w3a-google-demo",
          },
          facebook: {
            name: "facebook login",
            authConnectionId: "w3a-facebook-demo",
          },
          discord: {
            name: "discord login",
            authConnectionId: "w3a-discord-demo",
          },
          twitch: {
            name: "twitch login",
            authConnectionId: "w3a-twitch-demo",
          },
          twitter: {
            name: "twitter login",
            // it will hide the twitter option from the Web3Auth modal.
            showOnModal: false,
          },
          email_passwordless: {
            name: "email passwordless login",
            authConnectionId: "w3a-email_passwordless-demo",
          },
          sms_passwordless: {
            name: "sms passwordless login",
            authConnectionId: "w3a-sms_passwordless-demo",
          },
        },
        // setting it to false will hide all social login methods from modal.
        showOnModal: true,
      },
    },
  },
});

// Initialize web3auth
await web3auth.init();

Advanced Custom Authentication

The more advanced custom authentication is available via the connectTo function. This allows you to any service you want and tie it to your Web3Auth Integration. This method allows you to make Web3Auth totally invisible to your end users and have a fully whitelabeled experience all across.

You can utilise this function to enable multiple types of connections like:

  • Implicit Login Connections
  • JWT Login Connections
  • Grouped Auth Connections
connectTo Function Reference
connectTo<T extends WALLET_CONNECTOR_TYPE>(
  connector: T,
  params?: LoginParamMap[T]
): Promise<IProvider | null>;

export type LoginParamMap = {
    [WALLET_CONNECTORS.AUTH]: Partial<AuthLoginParams>;
    ...
};

AuthLoginParams

ParameterDescription
loginHint?Helps pass over the login hint to the auth provider. This is used especially for email_passwordless & sms_passwordless logins.
idToken?Pass over the JWT ID Token directly to Web3Auth for JWT authentication.
authConnection?The auth provider to use for login (e.g., "google", "facebook").
authConnectionId?The ID configured in your Web3Auth Dashboard for the connection.
groupedAuthConnectionId?The grouped auth connection ID to be used for login.
extraLoginOptions?Custom OAuth options (e.g., login_hint, domain, etc.).

Auth Connection Types

export const AUTH_CONNECTION = {
  GOOGLE: "google",
  TWITTER: "twitter",
  FACEBOOK: "facebook",
  DISCORD: "discord",
  FARCASTER: "farcaster",
  APPLE: "apple",
  GITHUB: "github",
  REDDIT: "reddit",
  LINE: "line",
  KAKAO: "kakao",
  LINKEDIN: "linkedin",
  TWITCH: "twitch",
  TELEGRAM: "telegram",
  WECHAT: "wechat",
  EMAIL_PASSWORDLESS: "email_passwordless",
  SMS_PASSWORDLESS: "sms_passwordless",
  CUSTOM: "custom",
};

Advanced Options (extraLoginOptions)

For custom integrations (like Auth0, AWS Cognito), you can provide additional options:

ParameterDescription
isUserIdCaseSensitiveWhether the user id field is case sensitive [Default: true]
domainAuth provider domain (e.g., "example.auth0.com")
client_idClient ID from your auth provider
scopeOAuth scopes (e.g., "email profile openid")
response_typeResponse type for OAuth flow
login_hintPre-fill user identifier

Implicit logins

Implicit logins are the easiest way to authenticate users with your custom authentication services. Web3Auth currently supports implicit logins for the following providers directly:

  • Google
  • Facebook
  • Discord
  • Twitch
  • Auth0 (Custom)

In addition to these you can also use any other provider like Auth0, AWS Cognito, Azure AD, etc. by providing the particular details of their login within the extraLoginOptions object within the connectTo function.

Usage

// web3auth instance already initialized
await web3auth.connectTo(WALLET_CONNECTORS.AUTH, {
  authConnection: AUTH_CONNECTION.GOOGLE,
  authConnectionId: "w3a-google-demo",
});

JWT Login

JWT Login is a way to authenticate users with your custom authentication services. With this method, Web3Auth just takes into account the idToken passed over to the connectTo function and uses it to authenticate the user. You can utilise this method with any authentication service that is OAuth 2.0 Compatible.

warning

If you have not configured on the dashboard, whether you user id is case sensitive or not, then you need to pass the isUserIdCaseSensitive option to the extraLoginOptions.

Usage

const loginWithGoogle = async (response: CredentialResponse) => {
  const idToken = response.credential;

  await web3auth.connectTo(WALLET_CONNECTORS.AUTH, {
    authConnectionId: "w3a-google-demo",
    authConnection: AUTH_CONNECTION.GOOGLE,
    idToken,
    extraLoginOptions: {
      isUserIdCaseSensitive: false,
    },
  });
};

...

<GoogleLogin
  onSuccess={loginWithGoogle}
  onError={() => {
    console.log("Login Failed");
  }}
  useOneTap
/>

Grouped Auth Connections

Grouped Auth Connections allows you to group multiple auth connections together and use them as a single connection. This is useful when you want to authenticate the user with multiple providers and require the same user wallet address to be generated.

For example, you can group Google & Email Passwordless providers together and use them as a single connection. Now, if your user logs in with Google Auth or even with Email Passwordless using the same email, they will get the same wallet address.

Prerequisites

You need to configure a grouped connection, by combining your single connections in the Web3Auth Dashboard before using this feature.

const loginWithGoogle = async () => {
  await web3auth.connectTo(WALLET_CONNECTORS.AUTH, {
    groupedAuthConnectionId: "aggregate-sapphire",
    authConnectionId: "w3a-google",
    authConnection: AUTH_CONNECTION.GOOGLE,
  });
};

const loginWithAuth0Google = async () => {
  await web3auth.connectTo(WALLET_CONNECTORS.AUTH, {
    groupedAuthConnectionId: "aggregate-sapphire",
    authConnectionId: "w3a-a0-google",
    authConnection: AUTH_CONNECTION.CUSTOM,
    extraLoginOptions: {
      connection: "google-oauth2",
    },
  });
};

const loginWithAuth0GitHub = async () => {
  await web3auth.connectTo(WALLET_CONNECTORS.AUTH, {
    groupedAuthConnectionId: "aggregate-sapphire",
    authConnectionId: "w3a-a0-github",
    authConnection: AUTH_CONNECTION.CUSTOM,
    extraLoginOptions: {
      connection: "github",
    },
  });
};