# Login & Authentication SDK *** This guide is designed to help creators integrate VIVERSE SDKs when uploading WebGL content from engines like Unity, three.js or Wonderland Engine to VIVERSE Studio. > BEFORE GETTING STARTED: > > 1. An App ID needs to be created, either through the CLI or the VIVERSE Studio workflow. [See our docs](https://docs.viverse.com/publishing-with-your-viverse-account#select-create-new-world) for this information. > 2. The VIVERSE SDK is hosted at this URL and must be integrated into your JavaScript/WebGL project and target engine. Either target a specific version like [`https://www.viverse.com/static-assets/viverse-sdk/1.3.3/index.umd.cjs`](https://www.viverse.com/static-assets/viverse-sdk/1.3.3/index.umd.cjs) or always target the latest version at [`https://www.viverse.com/static-assets/viverse-sdk/index.umd.cjs`](https://www.viverse.com/static-assets/viverse-sdk/index.umd.cjs) ## Authentication & Authorization User login is required to check for user information like name, profile picture URL, and .vrm avatar URL. #### Step 1: **Initialize the Client** Before any authentication, initialize the SDK client in your application: ``` // Initialize a new client globalThis.viverseClient = new globalThis.viverse.client({ clientId: '{yourAppID}', domain: 'account.htcvive.com', // HTC Account domain cookieDomain: '{yourCookieDomain}', // Optional }); ``` #### Step 2: Check for Existing Authentication Once the client is initialized, await its `checkAuth()` function to check for valid user credentials: 
const result = await globalThis.viverseClient.checkAuth();
If the user is logged in, you'll get their authentication information in an object structured like so: ``` { access_token: string; // The access token to be used in API requests account_id: string; // The unique user account ID expires_in: number; // Remaining token lifetime in seconds state: string; // Optional custom state value from the original login } ``` If the user is not logged in, the result will come back `undefined`. #### Step 3: **Trigger Login via VIVERSE Worlds** If login is required for your experience, an automated login and single sign-on (SSO) workflow is available. To request it, this method can be called, which will forward the user through this login flow within the iframe: ``` globalThis.viverseClient.loginWithWorlds() ``` **Step 4: Handle Post-Login State on Page Load** You can wrap your logic in an arrow function callback on the window's `load` event to handle the automatic login flow. ``` // this callback will run when the iframe is refreshed window.addEventListener('load', async () => { // reinitialize globalThis.viverseClient = new globalThis.viverse.client({ clientId: '{yourAppID}', domain: 'account.htcvive.com', // HTC Account domain cookieDomain: '{yourCookieDomain}', // Optional }); // check login status again const result = await globalThis.viverseClient.checkAuth(); if (result === undefined) { // This will cause a refresh globalThis.viverseClient.loginWithWorlds(); } else { // `result` contains credentials to make authorized requests } }); ``` If `result` has valid authorization credentials, you can then utilize features like the [Avatar SDK](/developer-tools/avatar-sdk.md), Leaderboard SDK and Matchmaking SDK. ## API Reference ### `new viverse.client(options)` Initializes a new VIVERSE client instance. | Parameter | Type | Description | Required | | ---------------- | -------- | ---------------------------------------------------------------- | -------- | | `options` | `object` | An object containing configuration for the client. | Yes | | ↳ `clientId` | `string` | Your App ID obtained from VIVERSE Studio. | Yes | | ↳ `domain` | `string` | The authentication domain. This should be `account.htcvive.com`. | Yes | | ↳ `cookieDomain` | `string` | The domain on which the cookie will be set for authentication. | No | ### `checkAuth()` Checks if the user is currently authenticated. Returns a `Promise` that resolves with the authentication object if successful, or `undefined` if not. **Returns:** `Promise` The resolved object will have the following properties: | Property | Type | Description | | -------------- | -------- | ---------------------------------------------------- | | `access_token` | `string` | The access token to be used in API requests. | | `account_id` | `string` | The unique user account ID. | | `expires_in` | `number` | Remaining token lifetime in seconds. | | `state` | `string` | Optional custom state value from the original login. | ### `loginWithWorlds(options)` Redirects the user to the VIVERSE Worlds login page to authenticate. This is used for Single Sign-On (SSO). After login, the page will be refreshed. | Parameter | Type | Description | Required | | --------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------- | -------- | | `options` | `object` | An object containing configuration for the client. | No | | ↳ `state` | `string` | A customize value. If this parameter is set in the request, then it is returned to the application as part of the redirection\_url. | No | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.viverse.com/developer-tools/login-and-authentication-for-the-sdk.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.