Skip to main content

Use your own auth (Advanced)

By default, the embedded wallet service handles two things: auth, and spinning up crypto wallets tied to the auth. We require valid authentication to ensure a wallet is created for the right person. If you already have your own auth and only want to spin up wallets, we offer a simple way to hook up any OpenID Connect ("OIDC") compatible auth to create embedded wallets. This is currently available for Pro customers only. Contact Sales.

How it works

  • An OIDC auth system has a public-private keypair, where the private key is used to sign auth tokens
  • The public key is uploaded to a public URL in JWKS format. The standard location is https://{domain}.com/.well-known/jwks.json
  • When a user logs in, a JWT token called the idToken is generated and signed by the private key. The OIDC spec provides an interface for fields that are used in this token.
  • We use the public key to verify that the JWT was signed correctly, and proceed to generate a wallet based on the sub (user identifier) value of the idToken.

Configuration Setup

In your API key settings, click edit, look for "Custom Auth" and provide the following values:

  • The URL of the JWKS file (public key)
    • This is used to verify the token was signed by you.
  • The aud value of the idToken
    • This is used to verify that thirdweb is the intended user of the token

Authenticating a user

Once you've logged in with your own auth, you can pass the user's JWT to the embedded wallet to authenticate and connect.

In React and React Native, the useEmbeddedWallet() hook handles authentication and connection states.

import { useEmbeddedWallet } from "@thirdweb-dev/react"; // or /react-native

const embeddedWallet = useEmbeddedWallet();

const handlePostLogin = async (jwt: string) => {
  await embeddedWallet.connect({
    strategy: "jwt",
    jwt,
  });
};