Overview

Embedded Wallets provide secure, user-friendly authentication methods that eliminate the complexity of traditional crypto wallets. Users can access their wallets through familiar authentication patterns like email one-time passwords (OTP), SMS, and social logins, without ever dealing with seed phrases or browser extensions.
Ready to implement authentication? Check out the Implementation Guide for step-by-step integration instructions.

Email OTP

Email OTP is the primary authentication method for Embedded Wallets, providing a secure and familiar experience for users.
  1. User enters email: The user provides their email address in your application
  2. OTP sent: A 6-digit one-time password is sent to their email
  3. User verifies: The user enters the OTP in your application
  4. Wallet access: Upon successful verification, the wallet is created or accessed
  • Time-limited codes: OTPs expire after 10 minutes for security
  • Rate limiting: Protection against brute force attempts
  • Secure delivery: Emails sent through Coinbase’s trusted infrastructure
  • Device binding: Wallets are cryptographically bound to the user’s device
  • No passwords to remember: Users don’t need to create or manage passwords
  • Instant onboarding: New users can create a wallet in seconds
  • Familiar process: Similar to authentication flows users already know
  • Cross-device support: Users can access their wallet from up to 5 devices

Email Customization

By default, all emails are sent without customization. If you’d like to use a custom email template featuring your app’s name and logo, reach out to us on Discord, and we’ll get you set up within one business day.

SMS OTP

SMS-based one-time passwords are available as an additional authentication method, providing users with more flexibility in how they access their wallets.
  1. User enters phone number: The user provides their phone number in your application
  2. OTP sent: A 6-digit one-time password is sent to their phone number
  3. User verifies: The user enters the OTP in your application
  4. Wallet access: Upon successful verification, the wallet is created or accessed
  • Time-limited codes: OTPs expire after 5 minutes for security
  • Rate limiting: Protection against brute force attempts
  • Secure delivery: Text messages sent through Coinbase’s trusted infrastructure
  • Device binding: Wallets are cryptographically bound to the user’s device
  • No passwords to remember: Users don’t need to create or manage passwords
  • Instant onboarding: New users can create a wallet in seconds
  • Familiar process: Similar to authentication flows users already know
  • Cross-device support: Users can access their wallet from up to 5 devices
This feature is currently supported for phone numbers from the following countries: Australia, Brazil, Canada, Colombia, France, Germany, India, Indonesia, Italy, Japan, Kenya, Mexico, Netherlands, Philippines, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, United Arab Emirates, United Kingdom, United States of America. If you’d like to enable the feature in additional regions, reach out to us on Discord.
SMS security considerations:
  • SMS authentication is inherently vulnerable to SIM swapping attacks, where attackers can take over a user’s phone number.
  • You should weigh the convenience of SMS login against the risk that a user’s wallet is taken over.
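To show how the properties listed for email and SMS OTP fit together (6-digit codes, 10-minute and 5-minute expiry, rate limiting), here is an added sketch of a server-side OTP check; it is not Coinbase's implementation and not part of the SDK. The OtpVerifier class, the in-memory Map, the result strings and the cap of 5 attempts are assumptions made for illustration; the page does not state the actual attempt limit.

```javascript
// Added illustration only. Expiry values are from the page; MAX_ATTEMPTS is assumed.
const OTP_DIGITS = 6;
const TTL_MS = { email: 10 * 60 * 1000, sms: 5 * 60 * 1000 };
const MAX_ATTEMPTS = 5; // assumption: wrong guesses allowed per issued code

// Uniform 6-digit code from a CSPRNG; rejection sampling avoids modulo bias.
function randomOtp() {
  const buf = new Uint32Array(1);
  const limit = Math.floor(0x100000000 / 10 ** OTP_DIGITS) * 10 ** OTP_DIGITS;
  do { globalThis.crypto.getRandomValues(buf); } while (buf[0] >= limit);
  return String(buf[0] % 10 ** OTP_DIGITS).padStart(OTP_DIGITS, "0");
}

// Compare all digits without exiting early on the first mismatch.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

class OtpVerifier {
  // now and generate are injectable so expiry and lockout can be tested.
  constructor({ now = Date.now, generate = randomOtp } = {}) {
    Object.assign(this, { now, generate, pending: new Map() });
  }

  // Issue a code for an email address or phone number; it replaces any older code.
  issue(channel, identifier) {
    const code = this.generate();
    const expiresAt = this.now() + TTL_MS[channel];
    this.pending.set(identifier, { code, expiresAt, attemptsLeft: MAX_ATTEMPTS });
    return code; // handed to the mail/SMS sender, never returned to the client
  }

  verify(identifier, submitted) {
    const entry = this.pending.get(identifier);
    if (!entry) return "no_pending_code";
    if (this.now() >= entry.expiresAt) {
      this.pending.delete(identifier);
      return "expired";
    }
    if (constantTimeEqual(entry.code, String(submitted))) {
      this.pending.delete(identifier); // single use: a code cannot be replayed
      return "ok";
    }
    if (--entry.attemptsLeft > 0) return "wrong_code";
    this.pending.delete(identifier); // attempt budget spent: a fresh code is required
    return "locked";
  }
}
```

With a cap of 5 guesses against 1,000,000 possible codes, one issued code can be guessed with probability at most 5 in 1,000,000, which is why the attempt limit matters as much as the expiry.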

Social login providers

Social login through Google, Apple, and X is supported via our SDK using OAuth 2.0. We offer Coinbase-owned OAuth login, allowing users to recognize and trust Coinbase’s brand during the login process.
  1. User initiates social login: The user clicks on a familiar button like “Sign in with Google” or “Sign in with X”
  2. User logs in: The user is redirected to the login flow from the OAuth provider
  3. User verifies: The user completes login
  4. Wallet access: Upon successful verification, the wallet is created or accessed
  • Time-limited codes: Social login sessions are managed using a refresh and access token model with configurable expiration
  • Rate limiting: Protection against brute force attempts
  • Secure delivery: Login is facilitated by Coinbase’s trusted brand.
  • No passwords to remember: Users don’t need to create or manage passwords
  • Instant onboarding: New users can create a wallet in seconds
  • Familiar process: Similar to authentication flows users already know
  • Cross-device support: Users can access their wallet from up to 5 devices
React Native OAuth setup: OAuth authentication is fully supported in React Native, but requires deep link configuration to handle authentication callbacks. See our complete React Native Social Login Configuration guide for step-by-step instructions. Note: Email and SMS authentication work out-of-the-box in React Native with no additional configuration needed.

Examples

Sign in with social providers using the OAuth flow. Note that after the user authenticates with their provider, they are redirected back to the page from which signInWithOAuth was called. The user will be automatically logged in when @coinbase/cdp-core re-initializes.
import { initialize, signInWithOAuth } from '@coinbase/cdp-core';

// Initialize the CDP SDK
await initialize({
  projectId: 'your-project-id'
});

// Initiate Google OAuth sign-in
// User will be redirected to Google to complete their login
// After login, they will be redirected back to your app, and the login
// process will be completed automatically by the SDK
try {
  // Await the call so that a rejected promise reaches the catch block below
  await signInWithOAuth("google");
} catch (error) {
  console.error("Failed to sign in with Google:", error);
}

Auth method linking

Once a user is authenticated, you can enable them to link additional authentication methods to their account. This allows users to sign in using multiple methods (email, SMS, OAuth providers) while maintaining access to the same embedded wallet.
  1. User must be authenticated: The user signs in using any supported method
  2. Initiate linking: User requests to link an additional authentication method
  3. Verify the method: Complete verification (OTP or OAuth flow)
  4. Linked: The new method is now associated with the same user account and wallet
For detailed implementation examples and code snippets, see the Auth Method Linking guide.

Developer-delegated authentication

This feature is in development and coming soon. This will enable applications with existing authentication systems to integrate Embedded Wallets seamlessly with their current user authentication flow.