--- layout: learn permalink: /:collection/:path.html --- # Add Auth to your DApp {:.no_toc} The way you can add Blockstack Auth to your DApp depends on whether your app is a modern decentralized Blockstack App where code runs client-side without trusted servers or a legacy client-server app where a server is trusted. * TOC {:toc} ## Authentication in Client-side apps This method is appropriate for decentralized client-side apps where the user's zone of trust — the parts of the app that the user is trusting — begins and ends with the code running on their own computer. In apps like these, any code the app interacts with that's not on their own computer such as external servers does not need to know who they are. [Blockstack.js](https://blockstack.github.io/blockstack.js/) provides API methods that help you to implement Blockstack Authentication in your client-side app. ### Default flow The preferred way to implement authentication in these apps is to use the default flow. This flow encapsulates authentication behind a few function calls and makes it very fast to get up and running. The default process use these four functions: - UserSession.redirectToSignIn - UserSession.isSignInPending - UserSession.handlePendingSignIn - UserSession.loadUserData When your app wants to start the sign in process, typically when the user clicks a **Sign in with Blockstack** button, your app will call the `UserSession.redirectToSignIn`. This creates an ephemeral transit key, stores it in the web browser's `localStorage`. Then, the function is used to create an authentication request token. The Blockstack Browser redirects the user to the Blockstack Browser to approve the sign in request. When a user approves a sign in request, the Blockstack Browser returns a signed `authResponse` token to the `redirectURI` specified in `UserSession.redirectToSignIn`. To check for the presence of this token, your app should call `UserSession.isSignInPending`. If this returns `true`, the app should then call `UserSession.handlePendingSignIn`. This decodes the token, returns the signed-in-user's data, and simultaneously storing it to `localStorage` so that it can be retrieved later with `loadUserData`. ```js import * as blockstack from 'blockstack' var userSession = new UserSession() if (userSession.isSignInPending()) { userSession.handlePendingSignIn() .then(userData => { const profile = userData.profile }) } ``` By default, these method use the `store_write` scope which allows the DApp to read the user profile and read/write user data for the DApp. To specify a different scope, use a AppConfig object. ### Custom flows Alternatively, you can generate your own transit private key and/or authentication request token using the UserSession.makeAuthRequest function. This function gives you more control over the authentication experience. For example, you can change the sign in experience so that it prompts users who have not yet created a Blockstack identity, to choose a hub URL. The `makeAuthRequest()` method takes the following parameters:
transitPrivateKey(String = generateAndStoreTransitKey())
redirectURI(String = `${window.location.origin}/`)
manifestURI(String = `${window.location.origin}/manifest.json`)
scopes (Array = DEFAULT_SCOPE)
appDomain(String = window.location.origin)
expiresAt(Number = nextHour().getTime())
extraParams(Object = {})