Docs / auth / BrokeredLoginButton

BrokeredLoginButton

component

The only authentication method for built apps — a button that opens Casino's auth popup where Privy runs and posts a scoped JWT back to the app.

import { BrokeredLoginButton } from 'flowstack-sdk'

Built apps authenticate only via BrokeredLoginButton — not email/password, not Google sign-in, not the wallet module. The broker opens a Casino popup that handles Privy login on Casino's origin (the only origin registered with Privy). Privy creates an embedded wallet for the user, the popup closes, and it postMessages a scoped JWT back to your app.

No Privy app ID, no privyConfig, no wagmi/viem peer deps are needed here. After auth, read identity from useFlowstack() (credentials) — not useAuth().

Why not email/password? End-users of built apps don't have Casino email/password accounts — they authenticate via Privy (embedded wallet + email/Google) through the broker, so useAuth().login(email, password) always returns an error for built-app end-users.

Signature

<BrokeredLoginButton label?="..." />

Parameters

ParamTypeNotesDescription
labelstringButton text, e.g. "Continue with Flowstack".

Examples

Login page
import { useFlowstack, BrokeredLoginButton } from 'flowstack-sdk';

function LoginPage() {
  // No email, no password, no Privy appId needed here
  return (
    <div style={{ display: 'flex', flexDirection: 'column', alignItems: 'center', justifyContent: 'center', minHeight: '100dvh', gap: '1rem' }}>
      <h1>Welcome</h1>
      <BrokeredLoginButton label="Continue with Flowstack" />
    </div>
  );
}
WarningBuilt apps must use BrokeredLoginButtonnot useAuth().login(), not LoginButton from flowstack-sdk/wallet, and not privyConfig.appId. End-users don't have Casino email/password accounts.
NoteAfter auth, read identity from useFlowstack() (credentials) — not useAuth().
NoteAccount switching: after logout(), the next BrokeredLoginButton click passes force_login=1, so the broker purges its sticky Privy/Casino session and the user can sign in with a different account. Without this, brokered re-login silently returns the same identity.

See also

useFlowstack · AuthGuard · useAuth · FlowstackProvider

Source: README.md#2-add-authentication · Also available in llms-full.txt and registry.json.