Skip to main content
import { useCallback } from 'react';
import { useStytch } from '@stytch/react';

export const Login = () => {
const stytch = useStytch();

const trigger = useCallback(async () => {
  /* Request user's address */
  const [crypto_wallet_address] = await ethereum.request({
    method: 'eth_requestAccounts',
  });

  /* Ask Stytch to generate a challenge for the user */
  const { challenge } = await stytch.cryptoWallets.authenticateStart({
    crypto_wallet_address,
    crypto_wallet_type: 'ethereum',
  });

  /* Ask the user to sign the challenge, this takes place on your frontend and uses the browser's built-in crypto provider API. */
  const signature = await ethereum.request({
    method: 'personal_sign',
    params: [challenge, crypto_wallet_address],
  });

  /* Send the signature back to Stytch for validation */
  await stytch.cryptoWallets.authenticate({
    crypto_wallet_address,
    crypto_wallet_type: 'ethereum',
    signature,
    session_duration_minutes: 60,
  });
}, [stytch]);

return <button onClick={trigger}>Sign in with Ethereum</button>;
};

{
  "challenge": "Signing in with Project: 7_EPetPqfdEiDCJtgad6-xsXytN3Ee9tx6mdRTQK3fC7-J2PDxpP1GAvYB9Ic4E09h-K88STiRIzKSGP",
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141"
  "status_code": 200
}
Wraps the authenticate crypto wallet endpoint. Call this method after the user signs the challenge to validate the signature. If this method succeeds and the user is not already logged in, the user will be logged in, granted an active session, and the session cookies will be minted and stored in the browser. If the user is already logged in, the crypto wallet will be added to the user.crypto_wallets[] array and associated with user’s existing session as an authentication_factor. See Ethereum’s EIP-1193 for an example of Ethereum’s provider API.

Parameters

crypto_wallet_type
string
required
The type of wallet to authenticate. Currently ethereum and solana are supported. Wallets for any EVM-compatible chains (such as Polygon or BSC) are also supported and are grouped under the ethereum type.
crypto_wallet_address
string
required
The crypto wallet address to authenticate.
signature
string
required
The signature from the message challenge.
session_duration_minutes
int
required
Set the session lifetime to be this many minutes from now. This will return both an opaque session_token and session_jwt for this session, which will automatically be stored either in the browser cookies if you’re using our JavaScript SDK, or in the iOS Keychain/ Android SharedPreferences if you’re using one of our mobile SDKs. The session_jwt will have a fixed lifetime of five minutes regardless of the underlying session duration, and will be automatically refreshed by the SDK in the background over time. This value must be a minimum of 5 and may not exceed the maximum session duration minutes value set in the Frontend SDK page of the Stytch Dashboard. A successful authentication will continue to extend the session this many minutes.

Response

user_id
string
The unique ID of the affected User.
user
object
The user object affected by call. See the User object for complete response field details.
session_token
string
A secret token for a given Stytch Session.
session_jwt
string
The JSON Web Token (JWT) for a given Stytch Session.
session
object
If you initiate a Session, by including session_duration_minutes in your authenticate call, you’ll receive a full Session object in the response. See Session object for complete response fields.
user_device
object
If Protected Auth is enabled and returned fingerprinting results, the user_device response field will contain information about the user’s device attributes.
request_id
string
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
status_code
number
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.