Edit this page

Best Practices for Unstoppable Login

The following are some best practices for integrating your application with Unstoppable Login.

Confirm the Authorization Account

In addition to logging in with the controlling Ethereum or Polygon wallet, the UAuth service allows users to login using certain verified accounts associated with the domain's ud.me profile, such as a Solana wallet address. You can check which account was used to authorize the login session using the getAuthorizationAccount() method.

@uauth/js loginWithPop()@uauth/js loginCallback()@uauth middleware
Copy
Copied
// In the login handler
const authorization = await uauth.loginWithPopup();
const account = uauth.getAuthorizationAccount(authorization);
Copy
Copied
// On the callback page
const response = await uauth.loginCallback();
const account = uauth.getAuthorizationAccount(response.authorization);
Copy
Copied
const authorization = await uauth.authorization();
const account = uauth.getAuthorizationAccount(authorization);

This will return a VerifiedAddress describing the account used. For a standard Unstoppable Login, this will be the wallet address that owns the domain.

Verify the Login Flow and Scopes

Before launching your application, you should verify the login flow that users will experience and ensure that correct scopes are being requested from users. In the last modal screen shown below, only the minimum scopes are being requested by the application: openID, wallet, and email.

1) User Clicks Unstoppable Login button to get started

Modal 1

2)User Enters Unstoppable Domain Address to Login to dApp

Modal 2

3) User Consent screen details the scopes being requested by dApp

Modal 3

The modals are further described below:

  • Modal 1. User clicks on Unstoppable Login Button.
  • Modal 2. A modal is displayed which allows the user to begin the authorization process by entering their Unstoppable domain.
  • Modal 3. During login, the user will see the resolved address and the information being requested by the application (i.e. the scopes). The user must sign the transaction using their wallet address in order to share their information with the dApp.

Style the Login Buttons

Your integration will need Unstoppable Domains branded login buttons. See the table below for style guidelines.

StateColorButton
Default#0D67FELarge login button: default
Hover#0546B7Large login button: hover
Pressed#478BFELarge login button: pressed
Loading#0D67FELarge login button: loading

Or you can download the full set of default Unstoppable Login buttons.