You can use Picket to gate access by a list of allowed wallets. All you need to do is pass the allowedWallets requirements to the login() function.
Login User w/ a Allowed Wallet List
import Picket from"@picketapi/picket-js";constpicket=newPicket('YOUR_PUBLISHABLE_KEY_HERE');// Restrict access to a set of predefined wallets constrequirements= { allowedWallets: ["0xYOUR","0xWALLET","0xADDRESSES","0xHERE"]}const { accessToken,user } =awaitpicket.login(requirements);console.log(user);
import { PicketProvider, usePicket } from"@picketapi/picket-react";functionMyApp({ children }) {return ( <PicketProviderapiKey="YOUR_PUBLISHABLE_KEY_HERE"> {children} </PicketProvider> );}// Restrict access to a set of predefined walletsconstrequirements= { allowedWallets: ["0xYOUR","0xWALLET","0xADDRESSES","0xHERE"]}functionMySecurePage() {const { isAuthenticating,isAuthenticated,authState,logout,login } =usePicket();// user is logging inif (isAuthenticating) return"Loading";// user is not logged inif (!isAuthenticated) {return ( <div> <p>You are not logged in!</p> <buttononClick={() =>login(requirements)}>Login with Wallet</button> </div> ) }// user is logged in ๐const { user } = authState;const { walletAddress } = user;return ( <div> <p>You are logged in as {walletAddress} </p> <buttononClick={() =>logout()}>Logout</button> </div> )}
You successfully restricted access to specific wallets
The returned access token can now act as secure proof of wallet ownership until expiration. It can be passed server side and verified there in order to restrict resources to specific wallets
If both allowedWallets and token ownership requirements are passed to the login function, then the user will be granted access if they either are on the allowed wallets list or meet the token ownership requirements.
Testing Tip
Using both allowedWallets and token ownership requirements can be helpful for testing a token-gating page, which you are developing, but don't own the necessary tokens for.
import Picket from"@picketapi/picket-js";constpicket=newPicket("YOUR_PUBLISHABLE_KEY_HERE");// Restrict access to a set of predefined wallets or token holdersconstrequirements= {// optional. The default chain is the Ethereum Mainnet chain:"ethereum",// Replace this example address with whichever contract you are verifying ownership for contractAddress:"0x8a90cab2b38dba80c64b7734e58ee1db38b8992e",// Replace with minimum balance you want to verify users' currently hold, // or omit if any number of tokens is sufficient minTokenBalance:1, allowedWallets: ["0xYOUR","0xWALLET","0xADDRESSES","0xHERE"]}const { accessToken,user } =awaitpicket.login(requirements);console.log(user);
import { PicketProvider, usePicket } from"@picketapi/picket-react";functionMyApp({ children }) {return ( <PicketProviderapiKey="YOUR_PUBLISHABLE_KEY_HERE"> {children} </PicketProvider> );}// Restrict access to a set of predefined wallets// Restrict access to a set of predefined wallets or token holdersconstrequirements= {// optional. The default chain is the Ethereum Mainnet chain:"ethereum",// Replace this example address with whichever contract you are verifying ownership for contractAddress:"0x8a90cab2b38dba80c64b7734e58ee1db38b8992e",// Replace with minimum balance you want to verify users' currently hold, // or omit if any number of tokens is sufficient minTokenBalance:1, allowedWallets: ["0xYOUR","0xWALLET","0xADDRESSES","0xHERE"]}functionMySecurePage() {const { isAuthenticating,isAuthenticated,authState,logout,login } =usePicket();// user is logging inif (isAuthenticating) return"Loading";// user is not logged inif (!isAuthenticated) {return ( <div> <p>You are not logged in!</p> <buttononClick={() =>login(requirements)}>Login with Wallet</button> </div> ) }// user is logged in ๐const { user } = authState;const { walletAddress } = user;return ( <div> <p>You are logged in as {walletAddress} </p> <buttononClick={() =>logout()}>Logout</button> </div> )}
Congrats ๐ your user is now successfully logged in. After authenticated/authorizing a user, you get an access token. You can use this access token to make secure requests to your backend. Read more in the working with access tokens guide.