SMS
A one-time passcode is sent to the user’s phone number. The user enters the code, the SDK verifies it, and a JWT is issued.Web3 wallets
The user connects an external wallet (MetaMask, Phantom, Coinbase Wallet, etc.) and signs a message to prove ownership. After the signature is verified, Dynamic issues a JWT.Social login
The user authenticates via an OAuth provider (Google, Discord, Apple, GitHub, X/Twitter, etc.). The SDK redirects to the provider, handles the callback, and issues a JWT. For provider setup and configuration, see Social Providers.Passkey (sign-in only)
The user authenticates using a passkey via WebAuthn. Passkey sign-in is supported as a primary authentication method. Passkey registration is supported as an MFA method.What happens after authentication
After a JWT is issued, additional steps may follow depending on your configuration:- Information capture: If you require fields like email, alias, or username, the user is prompted to complete them before being fully logged in. See your SDK’s information capture docs.
- Embedded wallet creation: If enabled, embedded wallets are created after authentication (not during). The user may be authenticated before the wallet is ready. See Embedded Wallets.
- MFA: If required, the user completes multi-factor authentication to upgrade their JWT scope. See MFA.
- Access control: Dynamic evaluates access lists and gates during authentication to determine whether the JWT is issued and what scopes it contains.