Add Bitcoin-powered authentication to your app - no passwords needed, just cryptographic signatures.
Try It First
See it in action: Visit sigmaidentity.com and click the live demo!
What You'll Build
Choose Your Framework
Sigma Auth works with any web framework. Select your framework for specific instructions:
Next.js
Full-stack React framework with NextAuth.js integration
React
Single-page applications with React hooks
Vanilla JavaScript
Plain JavaScript with no framework dependencies
Or follow the manual OAuth setup below to understand the core flow.
Core Requirements
Regardless of framework, you'll need:
- Client ID: Your app's identifier (e.g., "my-awesome-app")
- Redirect URI: Where users return after auth (e.g., https://myapp.com/callback)
- OAuth Endpoints: Sigma Auth provides standard OAuth 2.0 endpoints
Generating Secure Secrets
For frameworks that require session secrets (like NextAuth.js), generate one using:
openssl rand -base64 32
See framework-specific guides for detailed environment variable setup.
Manual OAuth Setup
This example shows the core OAuth flow that works with any framework:
1. Create Login Link
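function createLoginUrl() {
  // state must be unpredictable to work as CSRF protection, so use the
  // browser's CSPRNG rather than Math.random()
  const stateBytes = crypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(stateBytes, (b) => b.toString(16).padStart(2, '0')).join('');
  const params = new URLSearchParams({
    client_id: 'your-app-name',
    redirect_uri: 'http://localhost:3000/callback',
    response_type: 'code',
    provider: 'sigma',
    state // CSRF protection: keep a copy to compare in the callback
  });
  return `https://auth.sigmaidentity.com/authorize?${params}`;
}
// In your login button:
window.location.href = createLoginUrl();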
2. Handle Callback
Create a /callback route in your app:
// Express.js example
app.get('/callback', async (req, res) => {
  const { code, state } = req.query;
  // Verify state parameter matches what you sent
  if (!code) {
    return res.status(400).send('No authorization code received');
  }
  try {
    // Exchange code for access token
    const tokenResponse = await fetch('https://auth.sigmaidentity.com/token', {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({
        grant_type: 'authorization_code',
        code,
        client_id: 'your-app-name',
        redirect_uri: 'http://localhost:3000/callback'
      })
    });
    // Stop here if the token endpoint did not return a success status
    if (!tokenResponse.ok) {
      throw new Error(`Token exchange failed with status ${tokenResponse.status}`);
    }
    const { access_token } = await tokenResponse.json();
    // Get user info
    const userResponse = await fetch('https://auth.sigmaidentity.com/userinfo', {
      headers: { Authorization: `Bearer ${access_token}` }
    });
    // Do not create a session from an error response
    if (!userResponse.ok) {
      throw new Error(`Userinfo request failed with status ${userResponse.status}`);
    }
    const user = await userResponse.json();
    // Store user in session/database
    req.session.user = user;
    // Redirect to dashboard
    res.redirect('/dashboard');
  } catch (error) {
    console.error('Auth error:', error);
    res.status(500).send('Authentication failed');
  }
});
3. Protect Routes
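function requireAuth(req, res, next) {
  if (!req.session.user) {
    return res.redirect('/login');
  }
  next();
}
app.get('/dashboard', requireAuth, (req, res) => {
  // user.name is profile data supplied by the user, so send it as plain text
  // instead of letting it be rendered as HTML
  res.type('text/plain').send(`Welcome ${req.session.user.name}!`);
});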
Testing Your Integration
- Start your app: npm run dev or your dev command
- Click your sign-in button
- You'll be redirected to Sigma Auth
- Generate a Bitcoin key (first time only)
- Your key automatically signs an auth token
- You'll be redirected back to your app, logged in!
Common Issues & Solutions
"Invalid redirect URI"
- Make sure your redirect_uri matches exactly in both the login URL and token exchange
- For local development, use http://localhost:3000/callback
- For production, use your actual domain: https://yourapp.com/callback
"No authorization code received"
- Check that your /callback route is correctly set up
- Verify the redirect_uri parameter is correct
- Look at browser dev tools Network tab for any errors
NextAuth session is undefined
- Make sure you wrapped your app with <SessionProvider>
- Check that your environment variables are set correctly
- Verify the NextAuth configuration matches the example above
Users get stuck on "generating key"
- This is usually a browser compatibility issue
- Make sure the page is served over HTTPS in production
- Some ad blockers can interfere with crypto operations
What's Next?
Congratulations! You now have Bitcoin-powered authentication.
Customize the Experience
- Branding Guide - Make it look like your app
- User Profiles - Rich user profiles with Bitcoin identity
Go Deeper
- Self-Hosting - Run your own instance
- API Reference - All endpoints and responses
- Security Guide - Best practices and considerations
Get Help
- GitHub Discussions - Community support
- GitHub Issues - Bug reports
- Email: support@sigmaidentity.com