Ethereum Wallet

Descope allows you to create custom Social Login (OAuth) providers within the Authentication Methods page. This guide covers the step by step configuration of a custom Ethereum Wallet OAuth provider.

Obtain Ethereum Client ID and Secret

Before creating the custom OAuth provider within the Descope console, you must obtain a Ethereum Client ID and Secret.

To obtain a Client ID and Secret, run the curl command below. You can find your project's base url in our Multi-Region Support Guide.

Terminal
curl -X POST https://oidc.login.xyz/register -d '{"redirect_uris":["https://<your-base-url>/v1/oauth/callback"]}'

The response will look something like this which includes the Client ID, secret, access token, and Client URI.

{
  "client_id": "xxxxx",
  "client_secret": "xxxxx",
  "registration_access_token": "xxxxx",
  "registration_client_uri": "https://oidc.login.xyz/client/xxxxx",
  "redirect_uris": [
    "https://api.descope.com/v1/oauth/callback"
  ]
}

Creating Descope Custom Provider

You can configure a custom provider in the Descope Console. Under Authentication Methods -> Social Login, select + Add custom provider in the top right corner. You can then set the name (in this case, "Ethereum"), logo, and description for your custom provider.

Create custom provider

Configure Account Settings

Within the account settings section of your provider, you will configure the following items:

  • Client ID: This is the Client ID from the response in the above curl.
  • Client Secret: This is the Client Secret from the response in the above curl.
  • Scopes: These are the configured scopes granted to Descope for the user within Ethereum. Scopes provides Ethereum users using third-party apps the confidence that only the information they choose to share will be shared. The minimum needed scopes for Descope to integrate with Ethereum are openid and profile.
  • Grant Type: Authorization Code grant type uses the default configured response method, while implicit is set to use the Form Post response method with "id_token" response type only.

Custom Ethereum OAuth provider account settings configured within Descope

Configure Connection Settings

Within the account settings section of your provider, you will configure the following items:

  • Authorization Endpoint: The endpoint to request authorization from the user. For Ethereum, this endpoint is https://oidc.login.xyz/authorize
  • Token Endpoint: The endpoint to exchange the authorization code for an access token. For Ethereum this endpoint is https://oidc.login.xyz/token
  • User Info Endpoint: The endpoint to get user details for attribute mapping. For Ethereum, this endpoint is https://oidc.login.xyz/userinfo

Note, these items can be found by running the below curl against the well known OpenID configuration URL.

Terminal
curl https://oidc.login.xyz/.well-known/openid-configuration

The response will look something like this which includes well known OpenID configuration items.

{
  "issuer": "https://oidc.login.xyz/",
  "authorization_endpoint": "https://oidc.login.xyz/authorize",
  "token_endpoint": "https://oidc.login.xyz/token",
  "userinfo_endpoint": "https://oidc.login.xyz/userinfo",
  "jwks_uri": "https://oidc.login.xyz/jwk",
  "registration_endpoint": "https://oidc.login.xyz/register",
  "scopes_supported": [
    "openid",
    "profile"
  ],
  "response_types_supported": [
    "code",
    "id_token",
    "token id_token"
  ],
  "subject_types_supported": [
    "pairwise"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "private_key_jwt"
  ],
  "claims_supported": [
    "sub",
    "aud",
    "exp",
    "iat",
    "iss",
    "preferred_username",
    "picture"
  ],
  "op_policy_uri": "https://oidc.login.xyz/legal/privacy-policy.pdf",
  "op_tos_uri": "https://oidc.login.xyz/legal/terms-of-use.pdf"
}

Once configured within the Descope console, your Connection Settings will look like the below.

Custom Ethereum OAuth provider connection settings configured within Descope

Configure User Attribute Mapping

These are the available claims supported by Ethereum:

  "claims_supported": [
      "sub",
      "aud",
      "exp",
      "iat",
      "iss",
      "preferred_username",
      "picture"
  ]

You can map sub, preferred_username, and picture to Descope attributes. See below for an example of the configured user attribute mapping.

Custom Ethereum OAuth provider user attribute mapping configured within Descope

For more OAuth provider settings information, check out the OAuth Settings Guide. To add Ethereum Social Login to your flow, check out our Social Login In Flows Guide.

Was this helpful?

On this page