Sign In with World ID
It is strongly recommended that mobile applications use Incognito Actions instead. Mobile sign-in currently behaves poorly.
When using Sign in with World ID, we highly recommend allowing users to set a separate recovery method for their account (e.g. email), in case users lose access to or reset their World ID. Read about World ID Reset here.
Some helpful resources for integrating World ID with your app:
- World ID Auth0 Integration.
- NextAuth.js Template Repository.
Typical OIDC-compatible authentication engines include Auth0, AWS Cognito, Cloudflare Access, OneLogin and many more. Most languages and frameworks have simple open source packages for this.
Follow the Auth0 Integration installation instructions to add Sign in with World ID to your Auth0 Tenant using the Client ID and Client Secret found in the Developer Portal.
If your app hasn't yet integrated Auth0, you can use any of their various SDK libraries to get started. This allows using Sign in with World ID on a very broad range of platforms, including web, mobile, and desktop apps.
Mapping User Info
The https://id.worldcoin.org/beta claim has been deprecated and replaced by https://id.worldcoin.org/v1.
The /userinfo endpoint or id_token JWT returns a JSON object with the following fields:
Response
{
  "sub": "0x2ae86d6d747702b3b2c81811cd2b39875e8fa6b780ee4a207bdc203a7860b535",
  "https://id.worldcoin.org/beta": { // deprecated, will be removed in the future
    "likely_human": "strong",
    "credential_type": "orb"
  },
  "https://id.worldcoin.org/v1": {
    "verification_level": "orb" // "orb" or "device"
  },
  "email": "0x2ae86d6d747702b3b2c81811cd2b39875e8fa6b780ee4a207bdc203a7860b535@id.worldcoin.org", // if `email` scope is included
  "name": "World ID User", // if `profile` scope is included
  "given_name": "World ID", // if `profile` scope is included
  "family_name": "User" // if `profile` scope is included
}
The email field is set only for compatibility with apps that cannot function without it. Users cannot receive emails at this address, and it should be ignored when possible.
The sub field is the user's nullifier hash -- their unique identifier in the context of your app. A user's nullifier hash will be different for each app they use.
You can find information about a user's World ID Credentials in the https://id.worldcoin.org/v1 object. Use the verification_level field to determine whether the user has been Orb-verified or not.
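The field mapping described above, as an added example that is not part of the World ID documentation: it keys the account on sub, reads verification_level only from the v1 object and treats a missing or unknown value as unverified, and discards the placeholder email. The function name mapWorldIdClaims and the returned field names are hypothetical, and the claims are assumed to come from an id_token or /userinfo response that your OIDC library has already validated.

```javascript
// Added example (not World ID project code). Input: claims from an id_token or
// /userinfo response that your OIDC library has already validated.
const V1_CLAIM = "https://id.worldcoin.org/v1";
const KNOWN_LEVELS = new Set(["orb", "device"]); // the two values listed on this page

// mapWorldIdClaims and the returned field names are hypothetical.
function mapWorldIdClaims(claims) {
  if (!claims || typeof claims.sub !== "string" || claims.sub === "") {
    throw new Error("World ID claims are missing `sub`");
  }

  // Read only the v1 object. The deprecated beta claim is deliberately not
  // used as a fallback, so a response without v1 is treated as unverified.
  const v1 = claims[V1_CLAIM];
  const level =
    v1 !== null && typeof v1 === "object" ? v1.verification_level : undefined;
  const verificationLevel = KNOWN_LEVELS.has(level) ? level : null;

  return {
    // Nullifier hash: the user's identifier in this app, different per app.
    userId: claims.sub,
    verificationLevel,
    orbVerified: verificationLevel === "orb",
    // The `email` claim is a compatibility placeholder that cannot receive
    // mail, so it is never stored as a contact or recovery address. Collect
    // a real recovery method from the user separately.
    recoveryEmail: null,
  };
}

// Constructed sample input, based on the response shown above.
const sampleClaims = {
  sub: "0x2ae86d6d747702b3b2c81811cd2b39875e8fa6b780ee4a207bdc203a7860b535",
  "https://id.worldcoin.org/v1": { verification_level: "orb" },
  email:
    "0x2ae86d6d747702b3b2c81811cd2b39875e8fa6b780ee4a207bdc203a7860b535@id.worldcoin.org",
  name: "World ID User",
};

console.log(mapWorldIdClaims(sampleClaims));
```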