React + Express
If you want to interact with a working version of the Auth + React integration that we'll be building in this guide, you can check the following GitHub repository, or clone it with the command below:
npx thirdweb create app --template thirdweb-auth-express
Create a directory to hold your client and server:
Create a new React app with Vite:
Setup your React app .env
file with the following:
Wrap the root of your application with a thirdweb provider:
Create and export a thirdweb client somewhere in your application to be used in your components. This client gives you access to thirdweb's RPCs to read and right from the blockchain.
Don't have a secret key? Get one here.
Create your <ConnectButton />
component. This is where your users will sign in.
To provide your users with a smart wallet so your app can sponsor gas and batch transactions, add the following to your <ConnectButton />
:
Create a new directory for your backend server:
Initialize a new node project:
Accept the defaults for now. Once your project is initialized, install the dependencies:
Create a .env
file with the following:
To keep things simple, we've put all server-side routes in the same file. For a production-grade application you'll likely break them out depending on what works for your use case. Either way, the core logic is the same as you see here.
Create a server-side client using your secret key:
We'll assume you've already setup a basic Express API, but there are a few things you'll need to make sure you've done for authentication to work properly between your frontend and backend.
Create your thirdweb auth instance
Setup a GET
route at /login
to fetch the login payload:
Here, we get the user's address and chain ID to generate the payload with using thirdweb Auth. This payload will be returned to the client for the user to sign with their wallet. It will then be sent back to the server for verification.
Create a POST
route also at /login
for the frontend to submit the signed payload:
We receive the signed payload, verify it via thirdweb Auth, then create a JWT if the signed payload is valid. This JWT is assigned to this domain and allows the client to identify itself to the server as authenticated for future requests (until the token expires).
Now, we create a route to check if the user is currently logged in:
If the user doesn't have a token, they're definitely not logged in, so we immediately return false. If they do, we verify it to make sure its both accurate and not yet expired. If both are true, we return true.
Finally, we need a route to log the user out by clearing their token:
For any routes you add to your server, you can authenticate the user just like we did in /isLoggedIn
:
Remember your app.listen
(when you start the server) must come after your routes.
That's it! You have a React + Express app fully configured with SIWE. When running your app, be sure to start both the client and the server.
For help or feedback, please visit our support site