Skip to main content

Using AIR Kit as your authentication provider

By default, we provide the following methods for users:
  • Google Login
  • Passwordless Email Login
  • Wallet Login (EOA wallet support)
login(options?: { authToken?: string }): Promise<AirLoginResult>
  • authToken : (highly recommended but optional) pass in your Partner JWT via the parameter with your partnerId inside the payload.
  • This would trigger the AIR Kit login dialog with built-in login methods for the user to choose from.
Session ConfigurationTo configure locale and currency settings, pass sessionConfig to the init() method. See Language & Currency Configuration for details.

Custom Auth (Bring your own Auth)

Instead of using AIR Kit as your authentication provider, AIR Kit supports users that have been already authenticated by your system to skip logging in again when using AIR Kit. To achieve this, pass in additional properties in the Partner JWT during login() , specifically email and partnerUserId . When an email is provided, we will verify via a one-time password sent to the specified email since it is used as an identifier in the AIR ecosystem. An example JWT looks like following: 
{
  "partnerId": "YOUR PARTNER ID",
  "partnerUserId": "YOUR USER ID", // optional
  "email": "YOUR USER EMAIL", // optional
  "exp": 1728973684,
  "iat": 1728970084
}

User Sessions

After successful login, an AirLoginResult object will be returned, which also contains a property token generated by us containing the following information: 
{
  sub: string,
  abstractAccountAddress: string,
  partnerId: string,
  partnerUserId?: string,
  sourcePartnerId?: string
}
This token can be used in the future to query some of our sdk functions. You may validate our token by using the following JWKS endpoint: https://static.air3.com/.well-known/jwks.json

Session management

AIR Kit automatically handles session management out of the box. When users return to your app, they would be automatically logged in provided that they have not logged out in the last 30 days.
  • To require users to log in every time they visit your app, set skipRehydration to true when initializing the SDK.
  • Call isLoggedIn to check the login state of a user.
  • To log out, call logout()
  • To update locale or currency settings after initialization, use updateSessionConfig():
// Update currency or locale
await airService.updateSessionConfig({
  currency: "EUR",
  locale: "es"
});

EOA Wallet Authentication (optional add-on)

EOA-based authentication is available as an optional customization on top of the default AIR Account login flow. This allows your users to authenticate using any EOA wallet (e.g., MetaMask, Trust Wallet) while still benefiting from the AIR Account identity stack. The EOA wallet is used only for authentication and identity verification. It does not replace the underlying MPC-based account abstraction or control mechanisms. In effect, the wallet address serves purely as a login identifier, while account control remains securely managed by AIR.

Why enable EOA auth?

  • Seamlessly supports existing “Connect Wallet” flows
  • Zero disruption to current users
  • Adds AIR Account–powered authentication without requiring UX changes
  • Works alongside Web2 and other login methods
If your application already uses EOA wallet login, you can enable AIR Account authentication on top of it—ensuring a unified identity experience while preserving your existing flow.

How to request EOA authentication

EOA auth is not enabled by default. To enable it for your project, please contact our support team with the following details:

EOA auth enablement request template

Subject: Request to Enable EOA Authentication for <Project Name > Email Body: 
Hi Team,

I would like to request **EOA authentication** to be enabled for our project.

**Project Name:**
**Partner ID: (Can be obtained from the Dev dashboard: https://developers.sandbox.air3.com/dashboard/general):**
**Environment:** (Production / Sandbox / Both)

**Current Login Method:**
(e.g., Connect Wallet, Web2 login, AIR Account)

**Reason for Enabling EOA Auth:**
(e.g., we support existing EOA wallet login and want to integrate AIR Account without disrupting our users)

Please let us know if you require any additional information or configuration details.

Thank you!