Edit this page

Scopes for Login

Login with Unstoppable uses scopes to request data about a user. Instead of requesting all of a user's information at once, scopes are used to make granular requests (for example, a wallet address or an email address). Each scope returns a set of user attributes called claims. If the user authorizes the access associated with a scope, the claims are returned inside the ID Token associated with that authorization.

These scopes are passed to the authorization request in the scope parameter, which is a list of case-sensitive strings called scope tokens separated by spaces.

Example scope configuration
  "scope": "openid wallet email:optional"

The scopes requested by an application vary depending on the type of user data needed by the application and will be presented to the user in a list.

Example scope list presented to UD users

Example scope list presented to UD users

Login with Unstoppable supports the following scopes which are detailed below:

Optional Scopes

Many login scopes have scope:optional variations that allow users to opt in or opt out of sharing requested information. These appear with checkmarks next to them in the login request. If the user consents to sharing this information, the claims associated with the standard scope will be returned.

UI for email:optional scope

Consenting to the email:optional scope


optional: false

The openid scope is a special scope that is required for all Login with Unstoppable requests. The scope indicates to the server that it should return an OIDC compatible ID Token containing the rest of the user’s claims.


This is a required scope for using Login with Unstoppable. The OpenID scope must be included in addition to any other scope used to integrate this feature.


optional: false

The Login with Unstoppable wallet scope is best used for retrieving metadata about the user’s wallet. It returns two custom claims:

  1. wallet_address - The address associated with the domain.
  2. wallet_type_hint - A string indicating the type of wallet associated with the domain with three possible values:


optional: true

The Login with Unstoppable email scope can be used to retrieve the users's domain.tld@ud.me Unstoppable Email address, which provides Unstoppable Domain owners with a proxy email service that doesn't share their private address.

Unstoppable email is disabled for domains by default. If a user has not enabled this feature but consents to the email scope, a unique, dApp-specific email address is generated and authorized for their domain. This unique email address is then returned in the email claim.


optional: true

The Login with Unstoppable humanity_check scope must be added to the library for existing apps that want to integrate the Humanity Check feature using Persona.

After the user authenticates and proves their identity with the Persona authorization system, the application will receive a humanity_id, which is a unique identifier for each user to serve as that user's "humanity check."

See Humanity Check for Login for more information on identity providers, humanity check, and plans for future releases.


optional: true

The Login with Unstoppable profile scope is used to retrieve profile metadata the user has associated with their domain. It returns the following claims.

  • name - Display name
  • picture - Cover photo URI
  • profile - ud.me profile URI (e.g. https://ud.me/domain.tld )
  • ipfs_website - IFPS website hash
  • website - Web2 URI to the IPFS hash
  • location - The domain owner's location


optional: true

The Login with Unstoppable social scope is used to retrieve metadata about the user's social media profiles.

Individual social scopes may also be used separately to require specific social media profiles from users. These scopes cannot be optional.

  • social:twitter
  • social:reddit
  • social:youtube
  • social:discord
  • social:telegram
  • social:instagram
  • social:github

You should only request either social, social:optional, or a combination of individual social scopes. Requesting any combination of those three will throw an error.