Authentication
PartyLayer supports multiple authentication providers. Users can sign in with Auth0 (Google, Apple, Twitter, Discord, email, SMS), Passkey/WebAuthn, or Telegram.
Supported Providers
| Provider | Type | Description |
|---|---|---|
| Auth0 | OAuth/Social | Google, Apple, Twitter, Discord, email, SMS |
| Passkey | WebAuthn | Biometric/hardware key authentication |
| Telegram | Social | Telegram Login Widget |
Auth0 Setup
1. Configure Providers
<PartyLayerProvider
config={{
appId: 'app_xxx',
apiKey: 'pk_live_xxx',
auth: {
providers: ['auth0'],
auth0Domain: 'yourapp.auth0.com',
auth0ClientId: 'your_client_id',
},
}}
>2. Trigger Login
import { useAuth } from '@partylayer/enterprise-react';
function LoginPage() {
const { login, isAuthenticated, isLoading } = useAuth();
if (isLoading) return <p>Loading...</p>;
if (isAuthenticated) return <p>Already logged in!</p>;
return (
<div>
<button onClick={() => login('auth0')}>Sign in with Auth0</button>
</div>
);
}Passkey/WebAuthn Setup
Passkeys use biometric or hardware key authentication. No passwords needed.
<PartyLayerProvider
config={{
appId: 'app_xxx',
apiKey: 'pk_live_xxx',
auth: {
providers: ['passkey'],
passkeyRpName: 'My dApp',
passkeyRpId: 'mydapp.com',
},
}}
>Login with Passkey
const { login } = useAuth();
await login('passkey');Register New Passkey
const { register } = useAuth();
await register('alice@example.com', 'Alice');Or use the built-in LoginButton which includes a registration form:
<LoginButton providers={['passkey']} />Telegram Login
Telegram Login uses the Telegram Login Widget to authenticate users via their Telegram account.
Configuration
<PartyLayerProvider
config={{
appId: 'app_xxx',
apiKey: 'pk_live_xxx',
auth: {
providers: ['telegram'],
telegramBotUsername: 'your_bot_username',
},
}}
>Server Setup
Set these environment variables on your server:
TELEGRAM_BOT_TOKEN=your_bot_token_from_botfather
TELEGRAM_BOT_USERNAME=your_bot_usernameLogin with Telegram
const { login } = useAuth();
await login('telegram');The server verifies the Telegram auth data using HMAC-SHA256 with your bot token.
Multiple Providers
Enable multiple providers and let users choose:
<LoginButton providers={['auth0', 'passkey', 'telegram']} />MFA (Multi-Factor Authentication)
PartyLayer supports TOTP and email-based MFA.
Setup MFA
import { useMfa } from '@partylayer/enterprise-react';
function MfaSetup() {
const { setupMfa, verifySetup } = useMfa();
const handleSetup = async () => {
const result = await setupMfa('totp');
// result.qrCodeUrl — show QR code to user
};
const handleVerify = async (code: string) => {
const result = await verifySetup('totp', code);
// result.backupCodes — save these
};
}Transaction MFA
Enable MFA for sensitive operations:
// In tenant settings
{ requireTransactionMfa: true }Access User Session
const { session, getAccessToken } = useAuth();
// Session: { userId, email, name, provider, expiresAt }
const token = await getAccessToken();Auth Events
const pl = usePartyLayer();
pl.on('auth:login', (data) => {
console.log('User logged in:', data.session.email);
});
pl.on('auth:logout', () => {
console.log('User logged out');
});
pl.on('session:expired', () => {
console.log('Session expired');
});Logout
const { logout } = useAuth();
await logout(); // Clears all provider sessions