Authentication
Authenticating a user is the first step for most Mini Apps. Watchee provides a seamless, one-tap authentication mechanism.
The Flow
- Trigger: Your app calls minikit.walletAuth().
- Consent: The Watchee app shows the user a prompt asking for permission to share their public address and basic profile with your app.
- Response: Once approved, the promise resolves with the user's address and public key.
Implementation
import { minikit } from 'watchee-minikit';

const login = async () => {
  try {
    const account = await minikit.walletAuth();
    // Send this address to your backend to create a session
    // OR use it directly for client-side logic
    console.log('User logged in:', account.address);
  } catch (error) {
    // User rejected the request
    console.error('Login failed:', error);
  }
};
Verifying Identity
For secure applications, you shouldn't trust the client-side address alone. You should implement a "Sign-In with Wallet" flow:
- Get the address via walletAuth().
- Request a nonce from your backend.
- Ask the user to sign the nonce via minikit.signMessage().
- Send the signature and nonce back to your backend for verification against the public key.
// Secure Login Example
const secureLogin = async () => {
  // 1. Connect
  const account = await minikit.walletAuth();

  // 2. Get Nonce (mock: in production, request a fresh single-use value from your backend)
  const nonce = "random_string_from_server";

  // 3. Sign
  const { signature, full_message } = await minikit.signMessage({
    message: "Login to My App",
    nonce: nonce
  });

  // 4. Verify on Server (verifySignature is your own helper that sends these values to your backend)
  await verifySignature(account.address, signature, full_message);
};
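The backend half of steps 2 and 4, as an added Node.js example that is not Watchee's code or part of the original page. It assumes Ed25519 signatures and that full_message contains the nonce verbatim; createLoginVerifier, issueNonce, verifyLogin and the caller-supplied deriveAddress hook are hypothetical names, since the page does not specify the signature scheme or how an address relates to its public key.

```javascript
const crypto = require('node:crypto');

const NONCE_TTL_MS = 5 * 60 * 1000; // assumed nonce lifetime; tune for your app

// deriveAddress(publicKey) -> address is supplied by the caller (hypothetical hook):
// the page does not say how a Watchee address is derived from the public key.
function createLoginVerifier(deriveAddress) {
  const pending = new Map(); // nonce -> { address, expires }

  // Step 2: issue an unpredictable nonce bound to the address the client claims.
  function issueNonce(address, now = Date.now()) {
    const nonce = crypto.randomBytes(16).toString('hex');
    pending.set(nonce, { address, expires: now + NONCE_TTL_MS });
    return nonce;
  }

  // Step 4: every check must pass before the backend creates a session.
  function verifyLogin({ address, nonce, fullMessage, signature, publicKey }, now = Date.now()) {
    const entry = pending.get(nonce);
    pending.delete(nonce); // single use: the nonce is consumed even if a later check fails
    if (!entry) return { ok: false, reason: 'unknown-or-reused-nonce' };
    if (now > entry.expires) return { ok: false, reason: 'expired-nonce' };
    if (entry.address !== address) return { ok: false, reason: 'address-mismatch' };
    // The key must belong to the claimed address; otherwise any key pair would pass.
    if (deriveAddress(publicKey) !== address) return { ok: false, reason: 'key-not-for-address' };
    // The signed text must include the server's nonce (assumed full_message format).
    if (!fullMessage.includes(nonce)) return { ok: false, reason: 'nonce-not-in-message' };
    let valid = false;
    try {
      // Ed25519 is an assumption; pass the digest name your scheme needs instead of null.
      valid = crypto.verify(null, Buffer.from(fullMessage), publicKey, signature);
    } catch {
      valid = false; // malformed key or signature
    }
    return valid ? { ok: true } : { ok: false, reason: 'bad-signature' };
  }

  return { issueNonce, verifyLogin };
}
```

The in-memory Map only suits a single process; with several backend instances the pending nonces need a shared store with the same delete-on-read behaviour.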