Learn how to set up authentication using your backend and the Embedded Wallet Kit.
useTurnkey
hook, such as handleLogin
, completeOtp
, or completeOauth
. These methods are designed to work with Turnkey’s auth proxy and will not function with a custom backend authentication flow.
authProxyConfigId
parameter in the TurnkeyProvider
configuration. This will prevent the SDK from automatically fetching authentication configuration from your Turnkey Dashboard.
createSubOrganization
: Create a new sub-organization for the user.initOtp
: Send an OTP authentication code.verifyOtp
: Verify the OTP code entered by the user.otpLogin
: Handle OTP login flow (you can also combine this with verifyOtp
to make a single endpoint).oauthLogin
: Handle OAuth login flow.stampLogin
, so you do not need to implement any additional endpoints for those. Signup however will still require the createSubOrganization
endpoint to create a new sub-organization for the user. See the implementation in @turnkey/core
for more details on how to implement loginWithPasskey
and loginWithWallet
using the stampLogin
activity.
Here’s an example of how you might implement the createSubOrganization
endpoint in Node.js using Express and the @turnkey/sdk-server
package:
otpLogin
and oauthLogin
will require a public key to be passed in the request.
You can use createApiKeyPair
from the useTurnkey
hook to generate a keypair for this purpose.
createApiKeyPair
will be automatically stored in indexedDB
and used for stamping requests to Turnkey after authentication. You can learn more about stamps here.
otpLogin
and oauthLogin
will return a session token in JWT format that you need to store in your application. You can use the storeSession
function from the useTurnkey
hook to store the session token.
storeSession
, the SDK will automatically handle the session and keypair management for you.
If you have autoRefreshSession
enabled under the auth
object in the TurnkeyProvider
configuration, the SDK will automatically refresh the session token when it expires. You can also continue to use the authState
variable from the useTurnkey
hook to check if the user is authenticated.