Login with custom auth

INFO

Before following the instructions below, you must first configure your app in the Privy Developer Dashboard to use custom auth, per these instructions.

Privy's embedded wallets are fully-compatible with any authentication provider that supports JWT-based, stateless authentication. If you're looking to add embedded wallets to your app, you can use a custom authentication provider.

If your app uses a custom provider to authenticate your user, you will need to initialize a session with Privy in order to provision embedded wallets for that user.

1. Define a callback to get the user's access token

First, define a tokenProvider callback on the Privy SDK's customJwt class.

This async closure should return the current user's access token from your custom authentication provider as a String. If the user is not authenticated, this callback should return null.

As an example, you might set up this callback like so:

privy.customJwt.setTokenProvider {
    // Client logic to provide the JWT
    // This might involve network requests or accessing secure storage
    return await fetchAccessTokenFromAuthProvider()
}

2. Authenticate your user

Once you have defined a tokenProvider callback, to authenticate your user with Privy, use the Privy SDK's loginWithCustomAccessToken method.

Internally, this triggers the tokenProvider callback to retrieve a custom access token.

privy.customJwt.loginWithCustomAccessToken()

If the provided access or identity token is invalid, loginWithCustomAccessToken will throw an error. If the token is valid, Privy will successfully authenticate your user and loginWithCustomAccessToken will return an object representing an authenticated State session.

INFO

When the Privy SDK is first initialized, the user's authentication status will be set to unauthenticated. Privy's first attempt to authenticate the user will be the first time loginWithCustomAccessToken is called.

When your app starts up, as soon as you determines your user is authenticated via your custom auth provider, you should call Privy's loginWithCustomAccessToken method. Then, if the user's authentication tokens expires in the same SDK session, Privy will call the tokenProvider callback to re-authenticate the user.

As an example, if you're using Auth0's Swift SDK to authenticate your users, you can initialize a Privy session like so:

// Here we store the Auth0 token as a variable, you may want to use Auth0's CredentialManager,
// or some other method to store and retrieve the token.
var auth0Token: String? = nil

privy.customJwt.setTokenProvider {
    return auth0Token
}

Auth0.webAuth().start { result in
  if case .success(let credentials) = result {
      auth0Token = credentials.accessToken
      Task {
          // This call triggers a read of auth0Token
          // via the callback provided at configuration.
          try await privy.customJwt.loginWithCustomAccessToken()
      }
  }
}

Privy will determine if the user is new or returning based on the unique ID that your auth provider has assigned the user, which is stored as the sub claim of their access token. You can view all users in the Users section of the Privy Developer Dashboard.