Configuration

BitBadges authentication uses an OAuth URL with custom parameters: https://bitbadges.io/siwbb/authorize?client_id=....

Users will visit this URL to authenticate and receive an authorization code. This code will be passed behind the scenes for digital flows via the redirect or it will be the actual QR code for in-person / delayed flows.

By default, Sign In with BitBadges will handle multi-chain authentication for the user (in other words, checking address ownership). You can additionally:

• Specify the scope to request additional BitBadges API permissions for the user (e.g. 'completeClaims,readAddressLists')

• Specify a claimId to display a specific claim to the user (for display purposes, you will need to verify the claim successes on your end). Claims open up any criteria like badge ownership checks, payments, anything

• You can also expectAttestations to have the user provide you with attestations from their account that you want to receive (to be verified on your end)

Parameter Interface

interface CodeGenQueryParams {
    client_id: string; // Required: Your app's client ID
    redirect_uri?: string; // Required for instant auth. Not needed for QR code auth.
    state?: string; // Optional: Additional data passed to redirect
    scope?: string; // Optional: Comma-separated BitBadges API permission scopes (e.g. 'completeClaims,readAddressLists')

    // Claim UI Options (optional)
    claimId?: string; // ID of required claim
    hideIfAlreadyClaimed?: boolean; // Hide if already claimed
    expectVerifySuccess?: boolean;

    // Expect attestation presentations
    expectAttestations?: boolean;
}

Key Features

1. App Configuration

• client_id is mandatory (obtained from app registration)

• redirect_uri required for instant auth, optional for delayed auth

• If redirect_uri is blank, QR code is generated and stored in user's account

• See OAuth tutorials for more details

2. Scopes

• This is only needed for authorized BitBadges API access. By default, you will verify address ownership with no scopes.

• Format: scope: 'completeClaims,readAddressLists'

3. Claims

• Specify required claim to be satisfied with claimId

• Create the claim in the developer portal. See claim docs for more details.

• Claims are not a part of the core authentication process. You need to verify them separately server-side to ensure the user has met the criteria.

4. Attestations

• Receive attestations from the user directly via the sign-in process. This is a more direct alternative rather than needing to set up a custom plugin in a claim.

• Note, like claims, these are not a part of the core authentication process. You need to verify them separately server-side to ensure the user has met the criteria.

• While we do our best to maintain well-formedness, treat BitBadges as the middleman. Verify all on your end.