Wallets
Custom Authentication
You can attach wallets to your existing users using the jwt and auth_endpoint strategies.
- The jwt strategy is based on the OIDC (OpenID Connect) standard.
- The auth_endpoint strategy is a generic option that lets you bring your own auth server.
Strategy jwt - OIDC compatible auth
The OIDC auth setup is a good option if you use an external auth provider such as Auth0, Firebase, or Cognito that publishes the JWK used to check the authenticity of the token.
An OIDC auth system has a public-private keypair, where the private key is used to sign auth tokens.
- The public key is uploaded to a public URL in JWKS format. The standard location is https://{domain}.com/.well-known/jwks.json
- When a user logs in, a JWT token called the idToken is generated and signed by the private key. The OIDC spec provides an interface for fields that are used in this token.
- This JWT is then passed to the in-app wallet to generate a wallet for the user.
- We will verify the JWT against the public key to confirm that the JWT was signed correctly. Upon successful verification, we will proceed to generate a wallet based on the sub (user identifier) value of the idToken.
To set up an OIDC-compatible auth, enable the first option in the configuration tab of the in-app wallet dashboard.

You will be asked to enter the following values:
- The URL of the JWKS file (public key): This is used to verify the token was signed by you.
- The aud value of the idToken: This is used to verify that thirdweb is the intended user of the token.