Non-custodial wallets support multiple authentication flows. Each method creates or recovers the same underlying wallet address for that user; a user who signs in with Google and then later with email (if accounts are linked) accesses the same wallet.

Social login

Social login is the recommended flow for consumer-facing fintechs and payment apps. Users authenticate via their existing Google or Apple account. No password or seed phrase is involved.

const result = await oms.wallet.signInWithOidcRedirect({
  provider: 'google',
})

if (result && 'walletAddress' in result) {
  console.log('Wallet address:', result.walletAddress)
}

The wallet is created automatically on first login using the identity token from the provider. The token is verified inside a secure enclave; neither the app nor OMS can read it. For Google setup, see the Google OAuth configuration guide on the Sequence docs. For Apple setup, see the Apple configuration guide.

Email OTP

Email OTP is ideal for financial products where users may not have a social account or prefer not to link one. The user enters their email, receives a one-time code, and the wallet is created on verification.

await oms.wallet.startEmailAuth({ email: 'user@example.com' })

const result = await oms.wallet.completeEmailAuth({ code: '123456' })

console.log('Wallet address:', result.walletAddress)

The SDK handles the full OTP flow. No additional backend is required; the code exchange happens between the SDK and the WaaS enclave.

Custom OIDC and OAuth 2.0 providers

OMS Wallet supports any OIDC-compliant provider and standard OAuth 2.0 authorization code flows with PKCE. This covers enterprise SSO (Okta, Auth0, custom in-house IdPs), region-specific identity providers, and identity providers tied to an external KYC or IDV vendor. The provider is registered per project in the Polygon project dashboard with its issuer URL and client credentials. The same signInWithOidcRedirect and signInWithOidcToken APIs used for the built-in Google and Apple flows work with any registered provider; the WaaS enclave verifies the ID token against the provider’s JWKS endpoint. No provider-specific code is required in your app.
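
The enclave's verification code is not shown on this page. As an added example (not OMS or Sequence code), the following shows the standard checks an ID token has to pass against a provider's JWKS: pinned algorithm, signature, issuer, audience and expiry. The key pair, issuer URL, client ID and function names are constructed for the demo.

```javascript
const crypto = require('node:crypto')

const b64url = (v) => Buffer.from(v).toString('base64url')
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'))

// Returns the claims when every check passes; throws otherwise.
function verifyIdToken(token, jwks, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split('.')
  if (parts.length !== 3) throw new Error('malformed token')
  const [h, p, s] = parts
  const header = decode(h)
  // Pin the algorithm; never let the token header select it (e.g. "none").
  if (header.alg !== 'RS256') throw new Error('unexpected alg')
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA')
  if (!jwk) throw new Error('unknown kid')
  const key = crypto.createPublicKey({ key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk' })
  const sigOk = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'))
  if (!sigOk) throw new Error('bad signature')
  // Read claims only after the signature has been verified.
  const claims = decode(p)
  if (claims.iss !== issuer) throw new Error('wrong issuer')
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience')
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired')
  return claims
}

// Constructed demo IdP: throwaway key pair published as a JWKS (not real provider data).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })
const demoJwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-1' }] }
const expected = { issuer: 'https://idp.example', audience: 'demo-client-id' }

function signDemoToken(claims, key = privateKey, header = { alg: 'RS256', kid: 'demo-1' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`
  return `${input}.${crypto.sign('sha256', Buffer.from(input), key).toString('base64url')}`
}

// Returns 'ok' or the reason the token was rejected.
function check(token, now = 1000) {
  try {
    verifyIdToken(token, demoJwks, { ...expected, now })
    return 'ok'
  } catch (err) {
    return err.message
  }
}

const good = { iss: expected.issuer, aud: expected.audience, sub: 'user-1', exp: 2000 }
console.log(check(signDemoToken(good)))                             // valid token
console.log(check(signDemoToken({ ...good, aud: 'other-client' }))) // minted for another app
console.log(check(signDemoToken(good), 3000))                       // evaluated after exp
```

A production verifier would also fetch the JWKS from the registered issuer and check the nonce sent with the authorization request.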

Checking sign-in state

if (oms.wallet.session.walletAddress) {
  console.log('Signed in:', oms.wallet.session.walletAddress)
} else {
  console.log('Not signed in')
}