Authentication Flow
- Message Creation - Generate a SIWE message with domain, URI, and chain information
- Signature - User signs the message with their wallet
- Verification - Server verifies the signature and issues an authorization token
- Token Storage - Client stores the token for authenticated requests
Login Method
The login method handles the complete authentication flow, from message creation to token retrieval.
Quick Reference
Method Signature
Parameters
Response
Usage Examples
Frontend with Wagmi
Simple Backend Example
Considerations
- Domain Verification - Always use the correct domain to prevent phishing
- Message Content - The SIWE message includes Otim’s terms and conditions
- Nonce Generation - The SDK automatically generates a unique nonce
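The domain and nonce considerations above can be checked on the message text itself. The following is an added example, not Otim SDK code: it parses the standard EIP-4361 (SIWE) layout and validates its fields before any signature check. The sample message, the expected values, and the names parseSiwe and checkSiwe are constructed for illustration.

```javascript
// Added example: field checks on an EIP-4361 (SIWE) message. Not Otim SDK code.
// Signature recovery is deliberately left out; it needs a wallet/crypto library.

// Split the plain-text EIP-4361 layout into its header line and tagged fields.
function parseSiwe(message) {
  const lines = message.split("\n");
  const head = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0]);
  if (!head) throw new Error("not a SIWE message");
  const fields = {};
  for (const line of lines.slice(2)) {
    const m = /^(URI|Version|Chain ID|Nonce|Issued At|Expiration Time): (.+)$/.exec(line);
    if (m) fields[m[1]] = m[2]; // last occurrence wins, so real fields override the statement
  }
  return { domain: head[1], address: lines[1], fields };
}

// Return a list of problems; an empty list means the fields are acceptable.
// `expected` and `usedNonces` are hypothetical server-side state.
function checkSiwe(message, expected, usedNonces, now = new Date()) {
  let msg;
  try { msg = parseSiwe(message); } catch (e) { return [e.message]; }
  const f = msg.fields, problems = [];
  if (msg.domain !== expected.domain) problems.push("domain mismatch");
  let origin = null;
  try { origin = new URL(f["URI"]).origin; } catch (_) { /* missing or malformed URI */ }
  if (origin !== expected.origin) problems.push("uri origin mismatch");
  if (f["Version"] !== "1") problems.push("unsupported version");
  if (f["Chain ID"] !== String(expected.chainId)) problems.push("chain id mismatch");
  if (!/^[a-zA-Z0-9]{8,}$/.test(f["Nonce"] || "")) problems.push("bad nonce");
  else if (usedNonces.has(f["Nonce"])) problems.push("nonce replayed");
  const exp = f["Expiration Time"];
  if (exp && !(new Date(exp) > now)) problems.push("expired");
  if (problems.length === 0) usedNonces.add(f["Nonce"]); // burn the nonce on acceptance
  return problems;
}

// Constructed sample message and expectations (not Otim's actual message text).
const SAMPLE = [
  "app.example.com wants you to sign in with your Ethereum account:",
  "0x0000000000000000000000000000000000000001",
  "", "Constructed statement text.", "",
  "URI: https://app.example.com/login", "Version: 1", "Chain ID: 1",
  "Nonce: a1b2c3d4e5f6", "Issued At: 2024-01-01T00:00:00Z",
].join("\n");
const EXPECTED = { domain: "app.example.com", origin: "https://app.example.com", chainId: 1 };

const nonces = new Set();
console.log(checkSiwe(SAMPLE, EXPECTED, nonces)); // first use
console.log(checkSiwe(SAMPLE, EXPECTED, nonces)); // same nonce again
```

A message that passes these checks still has to have its signature verified against the stated address before a token is issued.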
SIWE Message Details
The SDK automatically creates a SIWE message with the following content:
Setting Authorization
The setAuthorizationHeader method sets a JWT token on an existing Otim Client instance. It is intended for scenarios where you already have a JWT token and need to set it on the Otim client for subsequent authenticated API calls, but don’t have the context to provide it during client creation.
Quick Reference
Method Signature
When to Use
This method is useful when:
- You’re in a backend service that manages tokens separately
- You need to switch between different authentication contexts
- You’re working with tokens obtained through external authentication flows
When You Might NOT Need It (Frontend Apps)
For frontend applications, you often don’t need setAuthorizationHeader because you can provide the token directly during client creation:
Usage Examples
Setting a JWT token on an existing client:
- Token is provided during client creation, not set afterward
- Client is automatically recreated when the token changes
- No need for setAuthorizationHeader calls
- Reactive to token state changes
Logout Method
The logout method handles the complete logout process: it calls the Otim API to invalidate the session server-side and clears the local authentication state from the client. This ensures proper cleanup of both client and server authentication state.
Quick Reference
Method Signature
Usage Examples
Simple logout call:
Why Proper Logout Matters
Logging out is important because:
- It calls the API to invalidate the server-side session
- The client is actually unauthenticated after logout