Authentication
Dashboard → User Management → Authentication
Configure which authentication providers are available to your users.
Supported providers
| Provider | Type | Setup required |
|---|---|---|
| OAuth 2.0 | None — Pollar handles the OAuth flow | |
| GitHub | OAuth 2.0 | None — Pollar handles the OAuth flow |
| Discord | OAuth 2.0 | None — Pollar handles the OAuth flow |
| Email OTP | One-time password | None — Pollar sends the OTP email |
Enable or disable each provider here. Only enabled providers appear in the WalletButton modal and are accepted by login().
Email OTP flow
What the user sees at each state
| State | What the user sees |
|---|---|
idle | WalletButton — the login entry point |
creating_session | LoginModal opens with a centered spinner and label "Initializing..." |
entering_email | LoginModal shows an email input field and a "Continue" button |
sending_email | "Continue" button is disabled with an inline spinner — label changes to "Sending..." |
entering_code | LoginModal shows a 6-digit OTP input field and a "Verify" button |
verifying_email_code | "Verify" button is disabled with an inline spinner — label changes to "Verifying..." |
authenticating | LoginModal shows a centered spinner and label "Authenticating..." |
authenticated | LoginModal shows a success message — closes automatically after a few seconds |
OAuth flow (Google, GitHub, Discord)
OAuth providers follow the standard authorization code flow. When login({ provider: 'google' }) is called:
LoginModalopens briefly with a spinner — "Redirecting..."- The browser redirects to the provider's consent screen
- After the user approves, the provider redirects back to your app
LoginModalreopens with a spinner — "Authenticating..."- The same five internal steps run (see below)
LoginModalshows a success message and closes
What happens during authentication
After credentials are verified — whether via OTP code or OAuth callback — the Pollar API runs five steps before issuing the JWT:
- Validate session — confirms the session ID is valid and not expired
- Resolve wallet — finds the existing wallet for this user, or creates a new one on first login
- Verify minimum funding — checks the wallet has the minimum XLM reserve (Immediate mode only)
- Verify trustlines — ensures all assets configured in the Dashboard are enabled on the wallet
- Generate JWT — issues a signed token that the SDK stores and uses for subsequent requests
This sequence is identical for all providers.
Custom OAuth app coming soon
By default, Pollar uses its own OAuth credentials for Google, GitHub, and Discord. You can configure your own OAuth app credentials for a fully branded experience — users will see your app name in the OAuth consent screen instead of Pollar's.