The recommended way to authenticate users is by using Wallet Authentication. This provides your app with access to a User object that contains the user’s wallet address, username, and other information. 
export type User = {
	walletAddress?: string
	username?: string
	profilePictureUrl?: string
	permissions?: {
		notifications: boolean
		contacts: boolean
	}
	optedIntoOptionalAnalytics?: boolean
	worldAppVersion?: number
	deviceOS?: string
}
In addition we have two helper functions to make it easier to get User information. 
MiniKit.getUserByAddress(address: string): Promise<User>
MiniKit.getUserByUsername(username: string): Promise<User>

// Returns
return {
    walletAddress: '0x...',
    username: 'John Doe',
    profilePictureUrl: 'https://example.com/profile.png',
};

How it works

Using NextAuth you can easily create and manage sessions for your app. The starter template is already set up with NextAuth. To extend this to other wallet providers, you simply need to trigger the wallet auth command and verify the response with verifySiweMessage.
Starting from World App 2.8.79 and higher, we support the standard SIWE verification library.

SIWE Implementations

Alternative Authentication Methods

  • OAuth (Google, Apple, etc.): These providers are supported but it’s recommended to trigger this outside of the World App and then redirect back to your mini app with the access token worldapp://mini-app?app_id=appId&path=/handle-oauth?accessToken=....
  • Sign in with World ID: Not recommended as it doesn’t provide the user’s wallet address.