World ID
Sign In with Worldcoin
When using Sign In with Worldcoin, we recommend allowing users to set a separate recovery method for their account (e.g. email), in case users lose access to their World ID. Read more about upcoming recovery for World ID.
World ID can be used as an authentication mechanism. Some helpful resources for integrating World ID with your app:
- World ID Auth0 Integration.
- NextAuth.js Template Repository.
Typical OIDC-compatible authentication engines include Auth0, AWS Cognito, CloudFlare Access, OneLogin and many more. Most languages and frameworks have simple open source packages for this.
Follow the Auth0 Integration installation instructions to add Sign In with Worldcoin to your Auth0 Tenant using the Client ID and Client Secret found in the Developer Portal.
If your app hasn't yet integrated Auth0, you can use any of their various SDK libraries to get started. This allows using Sign In with Worldcoin on a very broad range of platforms, including web, mobile, and desktop apps.
Mapping User Info
The /userinfo
endpoint returns a JSON object with the following fields:
Response
{
"sub": "0x2ae86d6d747702b3b2c81811cd2b39875e8fa6b780ee4a207bdc203a7860b535",
"https://id.worldcoin.org/beta": {
"likely_human": "strong",
"credential_type": "orb"
},
"email": "0x2ae86d6d747702b3b2c81811cd2b39875e8fa6b780ee4a207bdc203a7860b535@id.worldcoin.org",
"name": "World ID User",
"given_name": "World ID",
"family_name": "User"
}
The email
field is set only for compatibility with apps that cannot function without it. Users cannot receive
emails at this address, and it should be ignored when possible.
The sub
field is the user's nullifier hash -- their unique identifier in the context of your app. A user's nullifier hash will be different for each app they use.
You can information about a user's World ID Credentials in the https://id.worldcoin.org/beta
object. Use the credential_type
field to determine whether the user has been Orb-verified or not.