Introduction

0xPass's Access Token Scheme


Overview

When a user connects their wallet and authenticates themselves, 0xPass provides an authentication token in the form of a JWT.

This provides verifiable proof of wallet ownership and should be used to secure communication between your frontend and backend.

Access Token

Access tokens are JSON Web Tokens (JWTs) that carry user information in the following claims:

  • sid represents the user's current session ID.
  • sub corresponds to the user's 0xPass ID.
  • iss indicates the token issuer, which should always be 0xpass.io.
  • aud is your project API Key.
  • iat is the timestamp for when the JWT was issued.
  • exp is the timestamp when the JWT will expire and become invalid, typically 1 hour after issuance.

Usage

You should use the 0xPass JWT to secure the communication between your frontend and backend. For each of these components, you should do the following:

Frontend - Fetch Token
Include the auth token when you send a request to your backend.

Backend - Verify Token
Verify the token when you receive a request from your frontend.
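
One way the backend verification step could check the claims listed under Access Token, as an added example rather than 0xPass's own code. The RS256 algorithm, the way the verification key is supplied, and the names `verifyAccessToken` and `mintDemoToken` are assumptions; the key pair and token are constructed locally for the demonstration.

```javascript
// Added example: backend verification of a 0xPass-style access token (Node.js).
const crypto = require('crypto');

const b64urlJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// publicKey: the issuer's verification key (assumption: RS256; confirm in the 0xPass docs).
// apiKey: your project API key, which the token's aud claim must equal.
function verifyAccessToken(token, publicKey, apiKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm server-side; never let the token header choose it.
  if (b64urlJson(h).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Only read claims after the signature has been verified.
  const c = b64urlJson(p);
  if (c.iss !== '0xpass.io') throw new Error('wrong issuer');
  if (c.aud !== apiKey) throw new Error('wrong audience');
  if (typeof c.exp !== 'number' || c.exp <= nowSec) throw new Error('expired');
  // The 60 s clock-skew allowance is an arbitrary choice for this example.
  if (typeof c.iat !== 'number' || c.iat > nowSec + 60) throw new Error('bad iat');
  if (!c.sub || !c.sid) throw new Error('missing sub or sid');
  return c;
}

// Constructed fixtures: a throwaway key pair and a token minted locally.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function mintDemoToken(claims, privateKey = demoKeys.privateKey) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const data = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(data), privateKey);
  return `${data}.${sig.toString('base64url')}`;
}

const now = 1700000000; // fixed clock so the demo is deterministic
const good = { sid: 'sess-1', sub: 'user-1', iss: '0xpass.io',
  aud: 'demo-api-key', iat: now, exp: now + 3600 };
const claims = verifyAccessToken(mintDemoToken(good), demoKeys.publicKey, 'demo-api-key', now + 10);
console.log('verified subject:', claims.sub);
```

The frontend would send the token with each request (for example in an `Authorization` header), and the backend would call a check like this before trusting `sub` or `sid`.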