# Authentication Methods

At a high level, onboarding users onchain breaks down into three core questions: who is taking the onchain action (the user), through what means are they able to control this action (the signer), and where is the affected state (the account).

**With Openfort, your app can authenticate users, including:**

* **Email**: via password or one-time passcode (OTP)
* **Phone**: via SMS one-time passcode (OTP)
* **Wallet**: via Sign In With Ethereum ([SIWE](https://eips.ethereum.org/EIPS/eip-4361)) standard
* **Web2 social accounts**: via [OAuth2.0 Protocol](https://oauth.net/2/) (Google, Facebook, Twitter, Discord, and more)
* **Guest**: anonymous authentication that can be upgraded later

These methods can be configured as either login or link options for users. Once authenticated, Openfort creates a common `User` object that includes the user's ID and profile information, treating all users equally regardless of their authentication method.

## Choosing an authentication method

| Method | Description | Best for |
| --- | --- | --- |
| **Email & Password** | Traditional credentials-based sign up and login | Familiar UX, broad compatibility |
| **Email OTP** | Passwordless login via one-time code sent to email | Low-friction onboarding |
| **Phone OTP** | Passwordless login via one-time code sent via SMS | Mobile-first apps |
| **Social / OAuth** | Google, Apple, Facebook, X, Discord, and more | Consumer apps, fast sign-up |
| **Wallet (SIWE)** | Connect external wallets (MetaMask, WalletConnect) via Sign In With Ethereum | Crypto-native users |
| **Guest** | Anonymous authentication that can be upgraded later | Try-before-you-register flows |
| **Third-party** | Firebase, Supabase, Auth0, and custom auth systems | Existing auth infrastructure |

## Response types

All authentication methods across all SDKs return a common response structure containing the session token and user information.

### AuthResponse

```typescript
interface AuthResponse {
  token: string | null   // Session token for authentication
  user: User             // User profile information
  session?: Session      // Optional session details
}
```

### User

```typescript
interface User {
  id: string                   // Unique user identifier
  email?: string               // User's email address
  name?: string                // User's display name
  image?: string               // URL to user's profile image
  emailVerified?: boolean      // Whether email has been verified
  createdAt?: string           // ISO timestamp when created
  updatedAt?: string           // ISO timestamp when last updated
  isAnonymous?: boolean        // Whether user is anonymous (guest)
  phoneNumber?: string         // User's phone number
  phoneNumberVerified?: boolean // Whether phone has been verified
  linkedAccounts?: UserAccount[] // Linked accounts (external wallets and auth providers only, not embedded wallets)
}
```

### Session

```typescript
interface Session {
  id?: string           // Session identifier
  token: string         // Session token for authentication
  userId: string        // User ID associated with this session
  expiresAt?: string    // ISO timestamp when session expires
  createdAt?: string    // ISO timestamp when created
}
```

### Example response

```json
{
  "user": {
    "id": "usr_cc9ed2b7-c5f5-4c43-8dca-c4b104ba1762",
    "email": "hello@example.com",
    "name": "John Doe",
    "emailVerified": true,
    "createdAt": "2024-03-20T12:00:00Z",
    "updatedAt": "2024-03-20T12:00:00Z",
    "isAnonymous": false
  },
  "token": "eyJhbGci...",
  "session": {
    "id": "ses_...",
    "token": "eyJhbGci...",
    "userId": "usr_cc9ed2b7-c5f5-4c43-8dca-c4b104ba1762",
    "expiresAt": "2024-03-21T12:00:00Z",
    "createdAt": "2024-03-20T12:00:00Z"
  }
}
```

The SDK automatically stores tokens after successful authentication.

## Configure authentication

* [Social login providers](/docs/configuration/social-login) - Set up Google, Apple, Facebook, and other OAuth providers
* [External auth providers](/docs/configuration/external-auth) - Configure Firebase, Supabase, and other third-party systems
* [Password settings](/docs/configuration/password/security) - Customize password policies and email templates

## SDK implementations

<HoverCardLayout className="grid-cols-2!">
  <HoverCardLink
    description="React hooks for authentication."
    href="/products/embedded-wallet/react/auth"
    title="React"
    subtitle="@openfort/react"
    img={{
    src: "/img/icons/react-icon.svg",
    alt: "React",
  }}
    color="#61DAFB"
  />

  <HoverCardLink
    description="React Native hooks for authentication."
    href="/products/embedded-wallet/react-native/auth"
    title="React Native"
    subtitle="@openfort/react-native"
    img={{
    src: "/img/icons/libraries/react-native-icon.svg",
    alt: "React Native",
  }}
    color="#61DAFB"
  />

  <HoverCardLink
    description="iOS authentication methods."
    href="/products/embedded-wallet/swift/auth/email"
    title="iOS"
    subtitle="@openfort/swift"
    img={{
    src: "/img/icons/libraries/swift-icon.svg",
    alt: "Swift",
  }}
    color="#F7DF1E"
  />

  <HoverCardLink
    description="Unity authentication methods."
    href="/products/embedded-wallet/unity/auth/email"
    title="Unity"
    subtitle="OpenfortSDK"
    img={{
    src: "/img/icons/libraries/unity.svg",
    alt: "Unity",
    invertOnDark: true,
  }}
    color="#aaa"
  />
</HoverCardLayout>
