Authentication Guide

HeroBoost supports multiple authentication methods.

Login Methods

1. X Social Login

  • Status: ✅ Available
  • How it works: Login with X account via Alchemy Smart Wallet
  • Features: Automatic account creation, X profile data sync
  • Use case: Best for users who want to become heroes

2. Email Login

  • Status: ✅ Available
  • How it works: Email/password authentication via Auth0
  • Features: Traditional email/password login
  • Use case: Users who prefer email-based authentication

3. Google/Facebook Login

  • Status: ✅ Available
  • How it works: OAuth login via Auth0
  • Features: One-click login with Google/Facebook account
  • Use case: Quick login for users with Google/Facebook accounts

4. EOA Wallet (MetaMask/Rabby)

  • Status: ✅ Available
  • How it works: Connect external wallet, sign message to verify
  • Features: Direct wallet connection, signature verification
  • Use case: Users who prefer wallet-based authentication

Account Linking

You can link multiple login methods to one account:

  • Link X account to existing email account
  • Link Google/Facebook to existing account
  • Link EOA wallet to existing account

Note: Each login method can only be linked to one account.

Security

  • Zero Trust Architecture - Server-side session verification
  • JWT Tokens - Secure token-based authentication
  • HTTP-only Cookies - Tokens stored securely
  • Signature Verification - EOA wallets require signature verification

Troubleshooting

Can't login with X

  • Check if X account is authorized
  • Try clearing browser cookies
  • Contact support if issue persists

Can't connect wallet

  • Ensure wallet extension is installed
  • Check if wallet is unlocked
  • Try signing the verification message again

Facebook shows "App not active" (popup from facebook.com)

  • This message comes from Meta, not from HeroBoost. The Facebook Login product for the app tied to your Alchemy project is inactive, restricted, or still in Development without your Facebook account added as a Tester.
  • Developer checklist: Meta for Developers → your app → App mode (switch to Live when ready, or add Roles → Test users while in Development) → complete any required Data use checkup or alerts shown on the app dashboard. In Alchemy Dashboard → your app → authentication / embedded accounts settings, confirm Facebook OAuth is configured and matches an active Meta app.
  • Reload on Meta’s error page often does nothing until the app status changes — close the popup and use email or Google, or set NEXT_PUBLIC_ENABLE_FACEBOOK_LOGIN=false in .env.local to hide the Facebook button until Meta is fixed (see env.local.example).

Last Updated: 2026-04-25

Previous
Getting Started
Quick start guide
Next
Wallet Management
Wallet setup, deposit, withdraw