What is ChainGuard OAuth?

ChainGuard OAuth is a user-controlled authentication service for Web3 applications. It enables dApps to authenticate users using their ChainGuard identity (email/password + mobile 2FA) without requiring direct wallet connections. Built on OAuth 2.0 authorization code flow with enterprise-grade security, permission-based data access, and multi-chain support across Base, Arbitrum, Optimism, Polygon, and Ethereum mainnet.

How does ChainGuard OAuth work?

ChainGuard OAuth follows the standard OAuth 2.0 authorization code flow: 1) User clicks "Sign in with ChainGuard" on your dApp, 2) User authenticates with ChainGuard (email/password = 1FA, QR code scan = 2FA), 3) User grants permission-based data access, 4) ChainGuard redirects back with authorization code, 5) Your backend exchanges code for access token, 6) Your backend uses access token to retrieve user data. All authentication happens through ChainGuard - users never connect wallets directly to your dApp.

What are the benefits of using ChainGuard OAuth?

ChainGuard OAuth provides: Unified identity across all dApps (users authenticate once), Multi-factor security (email/password + mobile 2FA), Permission-based data access (users control what data is shared), KYC verification access (verify user identity without exposing personal data), Simple integration (standard OAuth 2.0 protocol), Multi-chain support (works across all supported networks), Privacy-first design (no data mining, explicit consent required), and Enterprise-grade security (CSRF protection, secure token storage, audit logging).

How do I integrate ChainGuard OAuth into my dApp?

Integrate ChainGuard OAuth in four steps: 1) Register your application in ChainGuard developer dashboard to get client ID and client secret, 2) Add "Sign in with ChainGuard" button that redirects to ChainGuard authorization endpoint with your client ID and requested scopes, 3) Create callback endpoint that receives authorization code and exchanges it for access token using your client secret, 4) Use access token to call ChainGuard userinfo endpoint and retrieve authorized user data. Full documentation and code examples are available in the developer portal.

What data can I access through ChainGuard OAuth?

Available scopes include: profile (basic user information like name and username), email (user email address), activity (user activity history and transaction records), connections (user wallet addresses and connection history), read (read-only access to user data), and write (write access for transaction operations). Users explicitly grant permissions for each scope - no data is shared without explicit consent. You can request multiple scopes, and users can approve or deny each one individually.

Is ChainGuard OAuth secure?

Yes, ChainGuard OAuth implements enterprise-grade security: OAuth 2.0 standard protocol with authorization code flow, CSRF protection via state parameter validation, Secure token storage (access tokens are short-lived, refresh tokens stored server-side), Multi-factor authentication (email/password + mobile QR code scan), Encrypted data transmission (AES-256-GCM encryption), Complete audit logging of all authentication events, and Privacy-first design with permission-based access. All tokens are handled server-side and never exposed to frontend JavaScript.

Do users need to connect their wallet to use ChainGuard OAuth?

No! That's one of the key benefits of ChainGuard OAuth. Users authenticate with ChainGuard using email/password (1FA) and mobile QR code scan (2FA). They never need to connect their wallet directly to your dApp. ChainGuard handles all backend authentication and can access user wallet addresses (if user grants permission) without requiring wallet connection. For transactions, users can optionally provide wallet signature for additional security (3FA), but this is handled through ChainGuard, not direct wallet connection to your dApp.

Which blockchain networks does ChainGuard OAuth support?

ChainGuard OAuth works across all ChainGuard-supported networks: Base (Coinbase L2), Arbitrum (Optimistic Rollup), Optimism (Optimistic Rollup), Polygon (PoS Chain), and Ethereum mainnet. One OAuth integration works for all networks. User wallet addresses are returned for all networks where the user has bound wallets. You can filter or request specific network addresses based on your dApp's needs.

How do I get started with ChainGuard OAuth?

To get started: 1) Create a ChainGuard account (free account creation), 2) Navigate to developer dashboard and register your application, 3) Receive your client ID and client secret, 4) Configure your redirect URIs and requested scopes, 5) Follow the integration guide to add OAuth flow to your dApp, 6) Test in development environment, 7) Deploy to production. Full documentation, code examples, and SDK support are available. The integration typically takes 1-2 hours for experienced developers.

What is the difference between ChainGuard OAuth and traditional wallet connections?

Traditional wallet connections require users to connect their wallet (MetaMask, WalletConnect, etc.) directly to each dApp. ChainGuard OAuth provides: Unified identity (authenticate once, access all dApps), Multi-factor security (email/password + mobile 2FA vs. just wallet signature), Permission-based data access (users control what data is shared), KYC verification (access to user verification status), No repeated wallet connections (authenticate with ChainGuard, not each dApp), and Better UX (familiar email/password login vs. wallet popups). ChainGuard OAuth is designed for dApps that want secure authentication without wallet connection complexity.

Can I use ChainGuard OAuth with existing authentication systems?

Yes! ChainGuard OAuth can be integrated alongside existing authentication systems. You can: Offer ChainGuard OAuth as an additional login option (alongside email/password, social login, etc.), Use ChainGuard OAuth for Web3-specific features while keeping traditional auth for other features, Migrate users gradually by offering both options, or Use ChainGuard OAuth as primary authentication and sync user data to your existing system. The OAuth flow is independent and doesn't interfere with other authentication methods.

How do I handle token refresh with ChainGuard OAuth?

ChainGuard OAuth provides refresh tokens for long-term access. When your access token expires, use the refresh token to obtain a new access token: POST to token endpoint with grant_type=refresh_token, refresh_token, client_id, and client_secret. Refresh tokens are long-lived but can be revoked by users. Store refresh tokens securely server-side (never in frontend). Implement automatic token refresh before expiration. Handle refresh token expiration by redirecting user to re-authenticate. Full token management documentation is available in the developer portal.

What happens if a user revokes access to my dApp?

If a user revokes access: Your access tokens and refresh tokens are immediately invalidated, Subsequent API calls will return 401 Unauthorized, You should handle this gracefully by redirecting user to re-authenticate, User can re-authorize your dApp at any time, and All previously granted permissions are reset. Users can revoke access from their ChainGuard account settings. It's recommended to implement token refresh error handling that detects revoked access and prompts re-authentication.

Can I customize the OAuth authorization screen?

The authorization screen is managed by ChainGuard to ensure security and consistency. However, you can customize: Application name and description (shown to users), Application logo (displayed on authorization screen), Website URL (linked from authorization screen), and Requested scopes (determines what permissions are requested). The authorization screen shows your app information, requested permissions, and allows users to approve or deny access. This ensures users always see consistent, secure authorization flows.

How do I test ChainGuard OAuth integration?

To test ChainGuard OAuth: 1) Register a test application in developer dashboard, 2) Use test redirect URIs (localhost is supported for development), 3) Create test ChainGuard accounts, 4) Test full OAuth flow (authorization → callback → token exchange → userinfo), 5) Test error scenarios (denied access, invalid codes, expired tokens), 6) Test token refresh flow, 7) Test with different scopes and permissions, 8) Use ChainGuard's test environment for development. Full testing guide and test credentials are available in the developer documentation.

What are the rate limits for ChainGuard OAuth API?

ChainGuard OAuth API rate limits ensure fair usage: Authorization requests: 100 requests per minute per client ID, Token exchange: 60 requests per minute per client ID, Userinfo requests: 120 requests per minute per access token, Refresh token requests: 30 requests per minute per client ID. Rate limits are per client ID (not per user). Exceeding limits returns 429 Too Many Requests with Retry-After header. Enterprise tier applications can request higher rate limits. Rate limit headers are included in all API responses.

Is ChainGuard OAuth free to use?

ChainGuard OAuth is included in all ChainGuard membership tiers. For dApp developers: OAuth integration and API access are free, No per-request fees or transaction fees, Standard rate limits apply (Enterprise tier can request higher limits), and No additional costs beyond standard ChainGuard membership. For end users: OAuth authentication is free (part of ChainGuard account), Users need a ChainGuard account (free account creation), and Membership includes full access to all ChainGuard services including OAuth. All membership tiers include monthly credits for gasless transactions.

Can I use ChainGuard OAuth for mobile apps?

Yes! ChainGuard OAuth works with mobile apps using standard OAuth 2.0 flows: For native mobile apps, use custom URL schemes or universal links for redirects, For React Native/Flutter apps, use deep linking, For mobile web apps, use standard redirect flow, ChainGuard mobile app provides 2FA via QR code scan, and All OAuth endpoints are mobile-friendly. Mobile apps should use PKCE (Proof Key for Code Exchange) for additional security. Full mobile integration guide is available in the developer documentation.

How does ChainGuard OAuth handle user privacy?

ChainGuard OAuth is privacy-first: Permission-based access (users explicitly grant each permission), No data mining (only requested data is shared), Users can revoke access anytime, Minimal data sharing (only what's necessary for your dApp), Encrypted data transmission, No tracking or analytics on user behavior, Users see exactly what data is requested before granting access, and Complete transparency in authorization screen. ChainGuard never shares user data without explicit consent. Users maintain full control over their data.

What programming languages are supported for ChainGuard OAuth integration?

ChainGuard OAuth works with any programming language that can make HTTP requests and handle OAuth 2.0 flows. Popular integrations include: JavaScript/TypeScript (Node.js, React, Vue, Angular), Python (Django, Flask, FastAPI), Go (Gin, Echo), PHP (Laravel, Symfony), Ruby (Rails), Java (Spring Boot), C# (.NET), and Rust. ChainGuard provides: RESTful API (works with any HTTP client), SDKs for popular languages (JavaScript, Python, Go), Code examples for common frameworks, and Full API documentation. The OAuth 2.0 protocol is language-agnostic.

Can I use ChainGuard OAuth for enterprise applications?

Yes! ChainGuard OAuth is designed for enterprise use: Enterprise-grade security (multi-factor authentication, audit logging), Compliance support (KYC verification, data protection), Custom rate limits for Enterprise tier, Priority support and dedicated account management, White-label options (contact for details), Custom integrations and API access, SLA guarantees, and Enterprise onboarding assistance. Enterprise applications can request custom scopes, higher rate limits, and dedicated infrastructure. Contact ChainGuard sales for enterprise pricing and custom solutions.

What is ChainGuard OAuth?

ChainGuard OAuth is a user-controlled authentication service for Web3 applications. It enables dApps to authenticate users using their ChainGuard identity (email/password + mobile 2FA) without requiring direct wallet connections. Built on OAuth 2.0 authorization code flow with enterprise-grade security, permission-based data access, and multi-chain support across Base, Arbitrum, Optimism, Polygon, and Ethereum mainnet.

How does ChainGuard OAuth work?

ChainGuard OAuth follows the standard OAuth 2.0 authorization code flow: 1) User clicks "Sign in with ChainGuard" on your dApp, 2) User authenticates with ChainGuard (email/password = 1FA, QR code scan = 2FA), 3) User grants permission-based data access, 4) ChainGuard redirects back with authorization code, 5) Your backend exchanges code for access token, 6) Your backend uses access token to retrieve user data. All authentication happens through ChainGuard - users never connect wallets directly to your dApp.

What are the benefits of using ChainGuard OAuth?

ChainGuard OAuth provides: Unified identity across all dApps (users authenticate once), Multi-factor security (email/password + mobile 2FA), Permission-based data access (users control what data is shared), KYC verification access (verify user identity without exposing personal data), Simple integration (standard OAuth 2.0 protocol), Multi-chain support (works across all supported networks), Privacy-first design (no data mining, explicit consent required), and Enterprise-grade security (CSRF protection, secure token storage, audit logging).

How do I integrate ChainGuard OAuth into my dApp?

Integrate ChainGuard OAuth in four steps: 1) Register your application in ChainGuard developer dashboard to get client ID and client secret, 2) Add "Sign in with ChainGuard" button that redirects to ChainGuard authorization endpoint with your client ID and requested scopes, 3) Create callback endpoint that receives authorization code and exchanges it for access token using your client secret, 4) Use access token to call ChainGuard userinfo endpoint and retrieve authorized user data. Full documentation and code examples are available in the developer portal.

What data can I access through ChainGuard OAuth?

Available scopes include: profile (basic user information like name and username), email (user email address), activity (user activity history and transaction records), connections (user wallet addresses and connection history), read (read-only access to user data), and write (write access for transaction operations). Users explicitly grant permissions for each scope - no data is shared without explicit consent. You can request multiple scopes, and users can approve or deny each one individually.

Is ChainGuard OAuth secure?

Yes, ChainGuard OAuth implements enterprise-grade security: OAuth 2.0 standard protocol with authorization code flow, CSRF protection via state parameter validation, Secure token storage (access tokens are short-lived, refresh tokens stored server-side), Multi-factor authentication (email/password + mobile QR code scan), Encrypted data transmission (AES-256-GCM encryption), Complete audit logging of all authentication events, and Privacy-first design with permission-based access. All tokens are handled server-side and never exposed to frontend JavaScript.

Do users need to connect their wallet to use ChainGuard OAuth?

No! That's one of the key benefits of ChainGuard OAuth. Users authenticate with ChainGuard using email/password (1FA) and mobile QR code scan (2FA). They never need to connect their wallet directly to your dApp. ChainGuard handles all backend authentication and can access user wallet addresses (if user grants permission) without requiring wallet connection. For transactions, users can optionally provide wallet signature for additional security (3FA), but this is handled through ChainGuard, not direct wallet connection to your dApp.

Which blockchain networks does ChainGuard OAuth support?

ChainGuard OAuth works across all ChainGuard-supported networks: Base (Coinbase L2), Arbitrum (Optimistic Rollup), Optimism (Optimistic Rollup), Polygon (PoS Chain), and Ethereum mainnet. One OAuth integration works for all networks. User wallet addresses are returned for all networks where the user has bound wallets. You can filter or request specific network addresses based on your dApp's needs.

How do I get started with ChainGuard OAuth?

To get started: 1) Create a ChainGuard account (free account creation), 2) Navigate to developer dashboard and register your application, 3) Receive your client ID and client secret, 4) Configure your redirect URIs and requested scopes, 5) Follow the integration guide to add OAuth flow to your dApp, 6) Test in development environment, 7) Deploy to production. Full documentation, code examples, and SDK support are available. The integration typically takes 1-2 hours for experienced developers.

What is the difference between ChainGuard OAuth and traditional wallet connections?

Traditional wallet connections require users to connect their wallet (MetaMask, WalletConnect, etc.) directly to each dApp. ChainGuard OAuth provides: Unified identity (authenticate once, access all dApps), Multi-factor security (email/password + mobile 2FA vs. just wallet signature), Permission-based data access (users control what data is shared), KYC verification (access to user verification status), No repeated wallet connections (authenticate with ChainGuard, not each dApp), and Better UX (familiar email/password login vs. wallet popups). ChainGuard OAuth is designed for dApps that want secure authentication without wallet connection complexity.

Can I use ChainGuard OAuth with existing authentication systems?

Yes! ChainGuard OAuth can be integrated alongside existing authentication systems. You can: Offer ChainGuard OAuth as an additional login option (alongside email/password, social login, etc.), Use ChainGuard OAuth for Web3-specific features while keeping traditional auth for other features, Migrate users gradually by offering both options, or Use ChainGuard OAuth as primary authentication and sync user data to your existing system. The OAuth flow is independent and doesn't interfere with other authentication methods.

How do I handle token refresh with ChainGuard OAuth?

ChainGuard OAuth provides refresh tokens for long-term access. When your access token expires, use the refresh token to obtain a new access token: POST to token endpoint with grant_type=refresh_token, refresh_token, client_id, and client_secret. Refresh tokens are long-lived but can be revoked by users. Store refresh tokens securely server-side (never in frontend). Implement automatic token refresh before expiration. Handle refresh token expiration by redirecting user to re-authenticate. Full token management documentation is available in the developer portal.

What happens if a user revokes access to my dApp?

If a user revokes access: Your access tokens and refresh tokens are immediately invalidated, Subsequent API calls will return 401 Unauthorized, You should handle this gracefully by redirecting user to re-authenticate, User can re-authorize your dApp at any time, and All previously granted permissions are reset. Users can revoke access from their ChainGuard account settings. It's recommended to implement token refresh error handling that detects revoked access and prompts re-authentication.

Can I customize the OAuth authorization screen?

The authorization screen is managed by ChainGuard to ensure security and consistency. However, you can customize: Application name and description (shown to users), Application logo (displayed on authorization screen), Website URL (linked from authorization screen), and Requested scopes (determines what permissions are requested). The authorization screen shows your app information, requested permissions, and allows users to approve or deny access. This ensures users always see consistent, secure authorization flows.

How do I test ChainGuard OAuth integration?

To test ChainGuard OAuth: 1) Register a test application in developer dashboard, 2) Use test redirect URIs (localhost is supported for development), 3) Create test ChainGuard accounts, 4) Test full OAuth flow (authorization → callback → token exchange → userinfo), 5) Test error scenarios (denied access, invalid codes, expired tokens), 6) Test token refresh flow, 7) Test with different scopes and permissions, 8) Use ChainGuard's test environment for development. Full testing guide and test credentials are available in the developer documentation.

What are the rate limits for ChainGuard OAuth API?

ChainGuard OAuth API rate limits ensure fair usage: Authorization requests: 100 requests per minute per client ID, Token exchange: 60 requests per minute per client ID, Userinfo requests: 120 requests per minute per access token, Refresh token requests: 30 requests per minute per client ID. Rate limits are per client ID (not per user). Exceeding limits returns 429 Too Many Requests with Retry-After header. Enterprise tier applications can request higher rate limits. Rate limit headers are included in all API responses.

Is ChainGuard OAuth free to use?

ChainGuard OAuth is included in all ChainGuard membership tiers. For dApp developers: OAuth integration and API access are free, No per-request fees or transaction fees, Standard rate limits apply (Enterprise tier can request higher limits), and No additional costs beyond standard ChainGuard membership. For end users: OAuth authentication is free (part of ChainGuard account), Users need a ChainGuard account (free account creation), and Membership includes full access to all ChainGuard services including OAuth. All membership tiers include monthly credits for gasless transactions.

Can I use ChainGuard OAuth for mobile apps?

Yes! ChainGuard OAuth works with mobile apps using standard OAuth 2.0 flows: For native mobile apps, use custom URL schemes or universal links for redirects, For React Native/Flutter apps, use deep linking, For mobile web apps, use standard redirect flow, ChainGuard mobile app provides 2FA via QR code scan, and All OAuth endpoints are mobile-friendly. Mobile apps should use PKCE (Proof Key for Code Exchange) for additional security. Full mobile integration guide is available in the developer documentation.

How does ChainGuard OAuth handle user privacy?

ChainGuard OAuth is privacy-first: Permission-based access (users explicitly grant each permission), No data mining (only requested data is shared), Users can revoke access anytime, Minimal data sharing (only what's necessary for your dApp), Encrypted data transmission, No tracking or analytics on user behavior, Users see exactly what data is requested before granting access, and Complete transparency in authorization screen. ChainGuard never shares user data without explicit consent. Users maintain full control over their data.

What programming languages are supported for ChainGuard OAuth integration?

ChainGuard OAuth works with any programming language that can make HTTP requests and handle OAuth 2.0 flows. Popular integrations include: JavaScript/TypeScript (Node.js, React, Vue, Angular), Python (Django, Flask, FastAPI), Go (Gin, Echo), PHP (Laravel, Symfony), Ruby (Rails), Java (Spring Boot), C# (.NET), and Rust. ChainGuard provides: RESTful API (works with any HTTP client), SDKs for popular languages (JavaScript, Python, Go), Code examples for common frameworks, and Full API documentation. The OAuth 2.0 protocol is language-agnostic.

Can I use ChainGuard OAuth for enterprise applications?

Yes! ChainGuard OAuth is designed for enterprise use: Enterprise-grade security (multi-factor authentication, audit logging), Compliance support (KYC verification, data protection), Custom rate limits for Enterprise tier, Priority support and dedicated account management, White-label options (contact for details), Custom integrations and API access, SLA guarantees, and Enterprise onboarding assistance. Enterprise applications can request custom scopes, higher rate limits, and dedicated infrastructure. Contact ChainGuard sales for enterprise pricing and custom solutions.

ChainGuard OAuth

User-Controlled Web3 Authentication

ChainGuard OAuth enables seamless, secure authentication and action authorization for your Web3 applications. Users authenticate with their ChainGuard identity (email/password + mobile 2FA) and grant permission-based data package access to your dApp or enterprise platform.

Based on granted permissions, your platform can request actions to be performed with the user's wallet or vault. Critical security: Platforms can NEVER invoke wallet payments directly. All operations, including wallet payments, require mandatory 2FA - users must first sign a QR code with their ChainGuard mobile app before any wallet operation is invoked. Only then is the wallet payload sent for signature. Vault operations require 3FA (2FA + guardian attestation for gas payment). This multi-layer security is only possible because of ChainGuard's smart shielded environment.

Built on OAuth 2.0 authorization code flow with enterprise-grade security. Your users get unified identity across all dApps, while you get a simple integration that works across Base, Arbitrum, Optimism, Polygon, and Ethereum mainnet.

View Integration Guide Learn More

Marketplace

Featured Collections

AllArtGaming

Cosmic #1234

2.5 ETH

Digital Art #567

1.8 ETH

Pixel Hero #890

3.2 ETH

ChainGuard App

OAuth 2.0

Standard Protocol

2FA/3FA

Multi-Factor Security

5+ Blockchain Networks

Privacy

Permission-Based

How ChainGuard OAuth Works

Simple, secure authentication flow that eliminates wallet connection complexity

User Visits Your dApp

User clicks "Sign in with ChainGuard" on your dApp. Your app redirects to ChainGuard authorization endpoint with your client ID and requested scopes.

Scan Login Request

User scans QR code with ChainGuard mobile app to initiate login. This is the first step of mandatory 2FA - users must authenticate via mobile app before any operation.

Authorize Permissions for dApp

User reviews and grants permission-based data access. User sees exactly what data your dApp will access (profile, email, wallet address, etc.) and can approve or deny specific permissions.

Backend Validates Connection

Your backend receives the authorization code and validates the connection request. Backend exchanges the code for access token and refresh token using your client secret. All token operations happen server-side for security.

Logged In Status Sent to Frontend

After successful validation, your backend sends the logged in status to your frontend. Your dApp updates the UI to show the authenticated state (e.g., marketplace dashboard, user profile, etc.). User is now fully logged in and can interact with your platform.

Why Choose ChainGuard OAuth?

Enterprise-grade authentication designed for Web3 applications

What Makes ChainGuard OAuth Different?

Unlike traditional Web3 authentication, ChainGuard provides a secure, isolated environment that protects users while enabling seamless dApp integration

Mandatory 2FA Before Wallet Operations

Unlike MetaMask, WalletConnect, or Web3Auth: Platforms can NEVER invoke wallet payments directly. All operations require mandatory 2FA - users must first sign a QR code with their ChainGuard mobile app before any wallet operation is even initiated. Vault operations require 3FA (2FA + guardian attestation). This critical security step is only possible because of ChainGuard's smart shielded environment.

Transaction Proof & Execution

Unlike traditional OAuth (Auth0, Okta): ChainGuard doesn't just authenticate users - we execute transactions and provide verifiable proof of execution. Your platform receives transaction hashes, block numbers, and cryptographic proof to update your database or frontend with confidence.

No Wallet Connection Required

Unlike Magic Link or Web3Auth: Users authenticate with email/password + mobile 2FA - no browser extension or wallet app required. This dramatically reduces friction and makes Web3 accessible to non-crypto-native users while maintaining enterprise-grade security.

Action Authorization, Not Just Auth

Unlike standard OAuth providers: ChainGuard OAuth enables action requests based on permissions. Your platform can request payments, transfers, or other blockchain actions. Users sign in ChainGuard's trusted environment, and you receive proof of execution - all without handling wallet connections.

Multi-Chain Native

Unlike single-chain solutions: ChainGuard OAuth works seamlessly across Base, Arbitrum, Optimism, Polygon, and Ethereum mainnet. One integration, all networks. Users can interact with multi-chain dApps without managing separate wallet connections per network.

Permission-Based Data Packages

Unlike all-or-nothing access: Users explicitly grant permissions for specific data packages (profile, email, activity, wallet addresses). Based on these permissions, your platform can request specific actions. Users maintain full control over what data and actions are shared.

The ChainGuard Advantage

ChainGuard OAuth combines the security of isolated wallet operations with the convenience of traditional OAuth. Unlike solutions that require wallet connections (risking phishing and unauthorized access) or traditional OAuth (lacking blockchain transaction capabilities), ChainGuard provides a complete solution: secure authentication, action authorization, and verifiable transaction execution - all within a trusted, isolated environment.

🔒 Critical Security Innovation: Platforms can NEVER invoke wallet payments directly. Every operation requires mandatory 2FA (QR code signature with ChainGuard app) before wallet operations are even initiated. Vault operations require 3FA (2FA + guardian attestation). This multi-layer protection is only possible because of ChainGuard's callback system - users always sign in ChainGuard's module frontend, never in your client's frontend.

🏆 Market First: ChainGuard is the first to bring this complete package to market. While competitors offer individual features (Web3Auth has 2FA, D3fenders has vault protection, Auth0 has OAuth), no other solution combines OAuth 2.0 + mandatory 2FA before wallet operations + callback system + transaction execution + 3FA vault operations + multi-chain support in one integrated platform. This is the first production-ready Web3 OAuth solution that eliminates direct wallet connections while maintaining enterprise-grade security.

Quick Integration Guide

Get started in minutes with our simple integration process

Step 1

Register Your Application

Create a ChainGuard account and register your dApp in the developer dashboard. You'll receive:

Client ID (public identifier)
Client Secret (keep secure, backend only)
Redirect URI configuration
Scope permissions setup

Step 2

Add Authorization Button

Add "Sign in with ChainGuard" button to your dApp. Redirect users to:

https://module.chain-fi.io/oauth/authorize?
  client_id=YOUR_CLIENT_ID
  &redirect_uri=YOUR_CALLBACK_URL
  &response_type=code
  &scope=profile email
  &state=RANDOM_STATE_STRING

Step 3

Handle Callback

Create a callback endpoint that receives the authorization code:

POST /api/oauth/token
{
  "code": "authorization_code",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "redirect_uri": "YOUR_CALLBACK_URL",
  "grant_type": "authorization_code"
}

Step 4

Access User Data

Use the access token to retrieve user information:

GET /api/oauth/userinfo
Authorization: Bearer ACCESS_TOKEN

Response:
{
  "id": "user_id",
  "email": "user@example.com",
  "name": "User Name",
  "kyc_verified": true,
  "wallet_addresses": [...]
}

Step 5

Request Actions (Optional)

Based on granted permissions, your platform can request actions to be performed with the user's wallet or vault:

POST /api/oauth/actions/request
{
  "action": "initiate_payment",
  "amount": "100",
  "currency": "ETH",
  "recipient": "0x...",
  "access_token": "user_access_token"
}

Critical security: The user MUST first sign a QR code with their ChainGuard mobile app (mandatory 2FA) before any wallet operation is initiated. Platforms can NEVER invoke wallet payments directly. After 2FA, the wallet payload is sent for signature. Vault operations require 3FA (2FA + guardian attestation). All operations happen exclusively within ChainGuard's smart shielded environment - never directly in your dApp.

Step 6

Receive Transaction Proof

After the user authorizes the action in ChainGuard's secure environment, ChainGuard executes the transaction and provides proof:

Response:
{
  "transaction_hash": "0x...",
  "block_number": 12345,
  "status": "confirmed",
  "proof": {
    "signature": "...",
    "timestamp": "...",
    "execution_id": "..."
  }
}

Your backend can use this transaction proof to update your database or frontend, completing the action flow.

View Full Documentation

Security & Privacy

Built with security and privacy as core principles

OAuth 2.0 Standard

Industry-standard authorization code flow with PKCE support. Battle-tested security protocols.

CSRF Protection

State parameter validation prevents cross-site request forgery attacks. All redirects are validated.

Secure Token Storage

Access tokens are short-lived. Refresh tokens are securely stored server-side. Never exposed to frontend.

Privacy-First

Users control what data is shared. Permission-based access with explicit consent. No data mining.

Encrypted Data

All user data encrypted at rest and in transit. AES-256-GCM encryption for sensitive information.

Audit Logging

Complete audit trail of all authentication events. Security monitoring and threat detection.

Use Cases

Perfect for any Web3 application that needs secure authentication

Ready to Integrate ChainGuard OAuth?

Start building secure Web3 authentication for your dApp. Get started in minutes with our comprehensive documentation and developer tools.

Get Started

View Documentation

ChainGuard OAuth

User-Controlled Web3 Authentication

Featured Collections

How ChainGuard OAuth Works

User Visits Your dApp

Scan Login Request

Authorize Permissions for dApp

Backend Validates Connection

Logged In Status Sent to Frontend

Why Choose ChainGuard OAuth?

Multi-Factor Security

Permission-Based Data Package

Unified Identity

Simple Integration

Mandatory 2FA Before Wallet Operations

Transaction Proof & Execution

Multi-Chain Support

What Makes ChainGuard OAuth Different?

Mandatory 2FA Before Wallet Operations

Transaction Proof & Execution

No Wallet Connection Required

Action Authorization, Not Just Auth

Multi-Chain Native

Permission-Based Data Packages

The ChainGuard Advantage

Quick Integration Guide

Register Your Application

Add Authorization Button

Handle Callback

Access User Data

Request Actions (Optional)

Receive Transaction Proof

Security & Privacy

OAuth 2.0 Standard

CSRF Protection

Secure Token Storage

Privacy-First

Encrypted Data

Audit Logging

Use Cases

DeFi Platforms

NFT Marketplaces

Web3 Games

DAO Platforms

Trading Platforms

Enterprise dApps

Ready to Integrate ChainGuard OAuth?

ChainGuard OAuth - User-Controlled Web3 Authentication

How ChainGuard OAuth Works

Integration Guide

Security Features

Use Cases