> ## Documentation Index
> Fetch the complete documentation index at: https://docs.turnkey.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authenticate a user with email

> ⚠️ **This example is outdated !**<br />
> Head over to [SDK Reference](https://docs.turnkey.com/sdks/react/auth) for the updated packages.

<Steps>
  <Step title="Initialize Turnkey">
    ```JavaScript theme={"system"}
    import { Turnkey } from "@turnkey/sdk-browser";

    const turnkey = new Turnkey({
      apiBaseUrl: "https://api.turnkey.com",
      defaultOrganizationId: process.env.TURNKEY_ORGANIZATION_ID,
    });
    ```
  </Step>

  <Step title="Initialize the Iframe Client">
    Note that the iframe client must be initialized with the dom element where the iframe will be injected. If you are using the [react-sdk](/sdks/react) you can import the `iframeClient` from the `useTurnkey()` hook without this step and the iframe dom element will be managed for you. Note that the `iframeClient` must be initialized before calling `emailAuth` because you need the `iframePublicKey` as a parameter to the `emailAuth` call.

    ```JavaScript theme={"system"}
    import { Turnkey, TurnkeySDKBrowserConfig } from "@turnkey/sdk-browser";

    const turnkeyConfig: TurnkeySDKBrowserConfig = {...};
    const turnkey = new Turnkey(turnkeyConfig);

    const iframeContainerId = "turnkey-auth-iframe-container-id";

    // ensure the HTML element exists somewhere in the rendered DOM
    <div id={iframeContainerId} />

    const iframeClient = await turnkey.iframeClient(document.getElementById(iframeContainerId))
    ```
  </Step>

  <Step title="Call emailAuth from your backend">
    ```JavaScript theme={"system"}
    await turnkey.serverSign(
      "emailAuth",
      [{
        email: <userEmail>,
        targetPublicKey: iframeClient.iframePublicKey,
        organizationId: <userSubOrganizationId>
      }]
    )
    ```

    If you need to lookup the user `subOrganizationId` by email, you can call the `getSubOrgIds` method with the `filterType` parameter set to `"EMAIL"`

    ```JavaScript theme={"system"}
    const subOrgIds = await turnkey.serverSign(
      "getSubOrgIds",
      [{
        filterType: "EMAIL",
        filterValue: <userEmail>
      }]
    )

    const userSubOrganizationId = subOrgIds.organizationIds[0];
    ```
  </Step>

  <Step title="Inject the emailed credentialBundle into the iframe to authenticate the user">
    ```JavaScript theme={"system"}
    const authenticationResponse =
      await iframeClient.injectCredentialBundle(credentialBundle);
    if (authenticationResponse) {
      // user is authenticated and can perform actions from the `iframeClient`
      await iframeClient.login();
      navigate("/authenticated-route");
    } else {
      // credential bundle does not match emailed credential
      navigate("/not-authenticated-route");
    }
    ```
  </Step>

  <Step title="Make read requests on behalf of the authenticated user from the currentUserSession">
    ```JavaScript theme={"system"}
    const currentUserSession = await turnkey.currentUserSession();
    const walletsResponse = await currentUserSession.getWallets();
    const walletName = walletsResponse.wallets[0].walletName;
    ```
  </Step>

  <Step title="Call the `iframeClient` directly for write requests">
    ```JavaScript theme={"system"}
    import { DEFAULT_ETHEREUM_ACCOUNTS } from "@turnkey/sdk-browser";
    const newWalletResponse = await iframeClient.createWallet({
      walletName: "New Wallet for User",
      accounts: DEFAULT_ETHEREUM_ACCOUNTS,
    });
    ```
  </Step>
</Steps>