thirdweb API: Improved Social Authentication

Firekeeper

Added

  • New Social Auth Endpoint: Introduced GET /v1/auth/social for simplified OAuth authentication
    • Single-step OAuth flow with automatic redirect handling
    • Supports all 12 OAuth providers: Google, Apple, Facebook, Discord, GitHub, X, Coinbase, Farcaster, Telegram, LINE, Twitch, Steam
    • Complete documentation with callback examples and JWT extraction guide

Deprecated

  • OAuth via /auth/initiate: The OAuth method in /v1/auth/initiate is now deprecated
    • Still functional but will show deprecation warnings
    • Please migrate to the new /v1/auth/social endpoint

Migration Guide

Before (Deprecated):

// Old OAuth initiation
POST /v1/auth/initiate
{
  "method": "oauth",
  "provider": "google",
  "redirectUrl": "https://myapp.com/callback"
}
// Handle the rest yourself

After (Recommended):

// New simplified OAuth - just redirect user to:
GET /v1/auth/social?provider=google&redirectUrl=https://myapp.com/callback

Callback Handling:

// Extract the JWT token in your callback
const urlParams = new URLSearchParams(window.location.search);
const authResultString = urlParams.get("authResult");
if (!authResultString) {
  throw new Error("authResult missing from callback URL");
}
const authResult = JSON.parse(authResultString);
// Extract the JWT token
const token = authResult.storedToken.cookieString;
// Verify and use the JWT token
// (x-secret-key is a server-side credential: keep it out of code shipped to the browser)
fetch("/v1/wallets/me", {
  headers: {
    Authorization: "Bearer " + token,
    "x-secret-key": "your-secret-key",
  },
});
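
The callback step above with its failure cases handled, plus a helper that percent-encodes redirectUrl when building the /v1/auth/social link. This is an added example, not thirdweb's code: AUTH_BASE is a placeholder host, the https-only rule is this example's own choice, and the expiry check assumes the token carries a standard exp claim.

```javascript
// Added example, not thirdweb code. AUTH_BASE is a placeholder host.
const AUTH_BASE = "https://api.example.com";

// Build the redirect target. URLSearchParams percent-encodes redirectUrl so
// its own "?" and "&" cannot spill into the outer query string.
function buildSocialAuthUrl(provider, redirectUrl) {
  const target = new URL(redirectUrl); // throws on a malformed URL
  if (target.protocol !== "https:") throw new Error("redirectUrl must be https");
  const qs = new URLSearchParams({ provider, redirectUrl: target.toString() });
  return `${AUTH_BASE}/v1/auth/social?${qs}`;
}

// Decode one base64url JWT segment into an object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const obj = JSON.parse(atob(padded));
  if (obj === null || typeof obj !== "object") throw new Error("not an object");
  return obj;
}

// Parse the callback query string; returns { token, claims } or throws.
// Decoding is a shape check only: the signature is verified by the API.
function parseAuthCallback(search, nowSeconds = Math.floor(Date.now() / 1000)) {
  const raw = new URLSearchParams(search).get("authResult");
  if (raw === null) throw new Error("authResult parameter missing");
  let authResult;
  try {
    authResult = JSON.parse(raw);
  } catch {
    throw new Error("authResult is not valid JSON");
  }
  const token = authResult?.storedToken?.cookieString;
  if (typeof token !== "string") throw new Error("storedToken.cookieString missing");
  const parts = token.split(".");
  if (parts.length !== 3 || !parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p))) {
    throw new Error("token is not a compact JWT");
  }
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch {
    throw new Error("JWT payload is not decodable");
  }
  if (typeof claims.exp === "number" && claims.exp <= nowSeconds) {
    throw new Error("token expired");
  }
  return { token, claims };
}
```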

Benefits of Migration

  • Simpler Integration: One-step OAuth flow instead of a separate POST followed by a redirect you perform yourself
  • Better Documentation: Clear (and AI-friendly) callback handling examples and JWT extraction
  • Consistent API: Follows standard OAuth redirect patterns
  • Future-Proof: The new endpoint will receive ongoing support and improvements