Login
The process of logging in requires two different actions:
- Challenge Generation: Our server generates a challenge, which is a specific piece of text. The challenge is designed to be signed using your Ethereum wallet to validate ownership.
- Authenticate with Signed Challenge: After receiving the challenge text, you must sign it using your Ethereum wallet. The resulting signature will then be used to call the authenticate method. This action generates both an accessToken and a refreshToken
1. Challenge Generation
To obtain a JWT token, the first step is to request a challenge from the server. This challenge text will be used to prove ownership by signing it with your Ethereum wallet. Keep in mind that each challenge remains valid for only 5 minutes. If it expires, a new challenge must be generated.
Using LensClient
Full documentation for
authentication.generateChallenge
here.
const { id, text } = await lensClient.authentication.generateChallenge({
signedBy: YOUR_WALLET_ADDRESS, // e.g "0xdfd7D26fd33473F475b57556118F8251464a24eb"
for: YOUR_PROFILE_ID, // e.g "0x01"
});
Using GraphQL API
query Challenge {
challenge(request: {
signedBy: "0xdfd7D26fd33473F475b57556118F8251464a24eb",
for: "0x01"
}) {
text
}
}
{
"data": {
"challenge": {
"id": "example-challenge-id",
"text": "I want to authenticate with lens and generate a JWT token at timestamp - 1645102996447. Auth request id - 6a01ffa229be678f03d705eb9b4c454554e2cef4be2c273fc0c9ed5be8762625"
}
}
}
Note we advise logging in with a profile to unlock the full API, but we also support logging in with just a wallet, which can do only a small set of features like act on free and paid actions. To authenticate with just a wallet, omit profile id from the challenge request.
Fetch a list of managed profiles by a wallet
To know what
profileId
to use with authentication challenge, you can query all managed profiles by a wallet withprofilesManaged
query. See below:API reference doc: https://api-v2-docs.lens.xyz/#query-profilesManaged
LensClient SDK example:
const managedProfiles = await client.wallet.profilesManaged({ for: wallet.address });
2. Authenticate with Signed Challenge
Once you've obtained the challenge text, you should sign it using your Ethereum wallet. The resulting signature should be provided to the authentication
endpoint.
Using LensClient
Successfully calling lensClient.authentication.authenticate
returns void and gives the LensClient instance the ability to make authenticated requests.
Example using ethers to sign the message:
import { Wallet } from "ethers";
const wallet = new Wallet(YOUR_PRIVATE_KEY);
const signature = await wallet.signMessage(text); // text returned from authentication.generateChallenge
await lensClient.authentication.authenticate({
id, // returned from authentication.generateChallenge
signature
});
Using GraphQL API
This mutation will return both an accessToken and a refreshToken.
accessToken
- Valid for 30 minutes before needed to be refreshedrefreshToken
- Valid for 7 days to allow users to remain logged in and then generate a newaccessToken
when they come back without them having to sign a challenge again.
mutation Authenticate {
authenticate(request: {
id: "6e2ff9c2-3c9d-45c7-a990-7b7d23b989ba", # ChallengeId
signature: "0x8f82e1a2c2cc35a2963c60eeb0a76aecc100686c4ffcb98fd522a90cba2f0b2642067c79cd6d0c9d239ed28a6882818f77bf546e774410236c730988bd14de5d1c"
}) {
accessToken
refreshToken
}
}
{
"data": {
"authenticate": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjB4YjE5QzI4OTBjZjk0N0FEM2YwYjdkN0U1QTlmZkJjZTM2ZDNmOWJkMiIsInJvbGUiOiJub3JtYWwiLCJpYXQiOjE2NDUxMDQyMzEsImV4cCI6MTY0NTEwNjAzMX0.lwLlo3UBxjNGn5D_W25oh2rg2I_ZS3KVuU9n7dctGIU",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjB4YjE5QzI4OTBjZjk0N0FEM2YwYjdkN0U1QTlmZkJjZTM2ZDNmOWJkMiIsInJvbGUiOiJyZWZyZXNoIiwiaWF0IjoxNjQ1MTA0MjMxLCJleHAiOjE2NDUxOTA2MzF9.2Tdts-dLVWgTLXmah8cfzNx7sGLFtMBY7Z9VXcn2ZpE"
}
}
}
Full GraphQL API Example
Updated 23 days ago