Picket Docs
  • ๐Ÿ‘‹Welcome to Picket
  • Quick Start Guides
    • ๐Ÿš€Quick Start Guides
      • โš™๏ธStart Here: Setup
      • ๐Ÿ”Wallet Login
      • ๐Ÿช™Token Gating (Ethereum / EVM)
      • ๐ŸคบToken Gating (Solana)
      • ๐Ÿคนโ€โ™‚๏ธIncremental Token Gating
      • โ›”Restrict Access to Specific Wallets
      • ๐Ÿ”‘Working with Access Tokens
  • Reference
    • ๐ŸŽ“Concepts
      • ๐ŸŒŠAuth Flow
      • ๐Ÿ—ƒ๏ธConnect
      • โœ๏ธSignatures
      • ๐Ÿ”Authentication and Authorization
      • ๐ŸคนIncremental Authorization
      • ๐Ÿช™Access Tokens
      • ๐ŸงชTesting
      • โ‰๏ธErrors
      • โ›“๏ธSupported Blockchains
      • ๐ŸŒSupported Languages (Localization)
      • ๐ŸŽจModal Themes
      • ๐Ÿ’ฟOpen Source Web3 Client Libraries
    • ๐Ÿ“šLibraries and SDKs
      • Javascript Library - picket-js
      • React SDK - picket-react
      • Node.js Library - picket-node
      • Go Library - picket-go
      • Python Library - picket-python
    • ๐Ÿ”ฅIntegrations
      • ๐ŸŒˆPicket Authentication with RainbowKit
      • โšกSupabase
      • โ˜๏ธAmazon Cognito
      • ๐Ÿ›๏ธPicket Shopify App - Merchant Documentation
      • ๐Ÿ›’Picket BigCommerce App - Merchant Documentation
    • ๐Ÿ“–API Reference
      • Projects & API Keys
      • Auth
      • Chains
      • Wallets
      • Contracts
      • OAuth 2.0
  • ๐Ÿ•น๏ธTutorials
    • ๐ŸŒŽSign-In with Wallet (React)
    • ๐ŸฐToken Gated Photo Board (React)
    • ๐Ÿ”—Link a Wallet to a Web 2.0 Account
    • ๐ŸคIncremental Authorization (React)
Powered by GitBook
On this page
  • What is Incremental Authorization?
  • When to Use Incremental Authorization?
  • Why Use Picket for Incremental Authorization?
  • How it Works
  • The Authorize (Authz) Endpoint
  1. Reference
  2. Concepts

Incremental Authorization

Incrementally authorize users for different parts of your app

PreviousAuthentication and AuthorizationNextAccess Tokens

Last updated 2 years ago

Incremental Authorization Demo

Click the link to see a live demo of

What is Incremental Authorization?

The best example of incremental authorization is a Web3 community site. Imagine every NFT has an exclusive community site. Only token holders can access their NFTs' respective communities and content. With an infinite number of possible NFT-based communities, it would be impossible to check if a user has access to every community on the site at once; instead, we want to verify a user's token ownership incrementally.

Picket incremental authorization makes managing access across different token-gated communities and content simple. With Picket incremental authorization, users log in once and gradually prove token ownership to access various token-gated communities.

Once users prove token ownership, they don't need to be re-authorized until they log out. Picket handles the complexity of caching, refreshing, and validating token balances for a user.

When to Use Incremental Authorization?

The two most common use cases for incremental authorization are

1. An app that gates different content by different tokens

For example, an NFT-based Reddit, which requires NFT ownership to access the NFT's subreddit.

In this scenario, each time users try access a a subreddit, Picket will verify they have the required NFT. Once verified, users will have access to that subreddit for the remainder of their session or until they logout.

2. An app where token ownership enhances the user experience rather than gates it

For example, a social web3 app in which users log in with their wallet to view content; however, only owners of the community token can post and comment on content.

In this scenario, users will log in with Picket to access the app. Any attempts to create or comment on content will be restricted to only token holders.

Why Use Picket for Incremental Authorization?

As always, Picket makes incremental authorization as simple as a few API calls.

Picket handles the heavy lifting around updating users' session access tokens, caching token balances, revalidating permissions, and more. No matter the environment, Picket helps you keep the content secure. The developer experience is seamless across the Frontend and Backend.

How it Works

Picket JS / Picket React

If you are using a Picket client library like picket-js or picket-react, incremental authorization works out of the box! If you are curious about what is going on under-the-hood, keep reading.

The Authorize (Authz) Endpoint

The /authz endpoint powers Picket's incremental auth

๐ŸŽ“
๐Ÿคน
Picket Incremental Authorization
Auth
End-to-End Incremental Authorization Flow