Skip to main content

Passport identity

Immutable Passport is an Open ID provider and uses the Open ID Connect protocol for authentication and authorization. Third-party applications, such as games or marketplaces, can integrate Passport into their platforms to authenticate their users and access their wallets.

authenticate passport usersauthenticate passport users

Supported authentication methods in Passport

These are the authentication methods available in Passport today.

TypeDescription
GoogleUsers can login with their Google e-mail
AppleUsers can login with their Apple iCloud e-mail
Passwordless e-mail sign-inUsers can login with their e-mail and an OTP code

Right now Immutable Passport does not support using the game login to access wallets. Please get in contact on Discord if you need to authenticate your users with different methods.

How authentication works

When using Passport as an identity provider, the authentication flow begins within your application. If the user already has an account with Passport, they can sign in to their existing account using the same credentials, which can be shared across multiple apps.

💡Mobile availability
Please note this authentication experience is available on mobile web only today. Native mobile experiences will be delivered in the future.

For new users, they will need to sign up for a new account and complete the authentication flow to be authenticated in your application.

The high-level steps for the authentication flow are as follows:

  1. The user clicks on "Login with Passport" in your application.
  2. The user a window pop-up is opened with Passport's secure login page (auth.immutable.com).
  3. The user authenticates based on their preferred login method.
  4. The user approves the scopes you requested when registering your app's OAuth client (only once).
  5. The user is redirected to the callback URL you defined when registering your app's OAuth client.
  6. Your application obtains an id_token and an access_token.

If you are using the Immutable SDK, all these steps are simplified by the provider.requestAccounts() function. You can find more information here.

IMX Whitepaper IMX Tokenomics Block Explorer Careers Contact Us