Para supports password and PIN-based authentication as alternatives to passkeys. When enabled on your API key, users create or enter their credentials on Para’s secure portal, which opens in the device browser. This is an optional enhancement — basic email/phone login works without any additional security method.

Prerequisites

Enable in Developer Portal

Password and PIN authentication must be enabled in your Developer Portal under the Security settings for your API key. Once enabled, authenticateWithEmailOrPhone() will return passwordUrl or pinUrl in the auth state, and the state listener will automatically open them.

How It Works

When a user signs up or logs in with password/PIN enabled, the SDK generates a passwordUrl or pinUrl. This URL points to Para’s hosted portal where the user enters their credentials securely. On mobile, you open this URL in the device’s in-app browser. After the user completes the portal flow, call waitForWalletCreation() (new users) or waitForLogin() (existing users) to poll until the session is confirmed.

Implementation

import InAppBrowser from 'react-native-inappbrowser-reborn';

const APP_SCHEME = 'your-app-scheme';

// `para` is your initialized Para client instance.
// After authenticateWithEmailOrPhone resolves with passwordUrl or pinUrl in authStateInfo
// (held here in `authState`):

// Use ONE of the two branches below, depending on whether the user is new or existing.
// Both test the same field, so running them back to back would open the portal twice.

// For new users creating a password
if (authState.passwordUrl) {
  await InAppBrowser.openAuth(authState.passwordUrl, `${APP_SCHEME}://para`);
  await para.waitForWalletCreation({});
}

// For existing users logging in with password
if (authState.passwordUrl) {
  await InAppBrowser.openAuth(authState.passwordUrl, `${APP_SCHEME}://para`);
  await para.waitForLogin({});
}

The same pattern applies for PIN authentication. Replace authState.passwordUrl with authState.pinUrl depending on which method is configured for your API key.
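
A defensive wrapper around the flow above, added here as an example (not Para's own code): it checks that passwordUrl or pinUrl is an https URL on an expected host before opening the browser in which the user types a credential, then polls with the call that matches the user type. The allowlisted host, the isNewUser flag and the function names are assumptions; InAppBrowser and the Para client are passed in as parameters so the flow can be exercised with stubs.

```javascript
// Added example. The host below is a constructed placeholder, not Para's real portal host.
const ALLOWED_PORTAL_HOSTS = ['portal.example.test']; // assumption: set to the host you expect
const APP_SCHEME = 'your-app-scheme';

// Accept only https URLs whose host is on the allowlist. A regex is used instead
// of `new URL()` so the check behaves the same in Node and in React Native.
function isTrustedPortalUrl(url, allowedHosts = ALLOWED_PORTAL_HOSTS) {
  if (typeof url !== 'string') return false;
  // The host must be followed by a port, path, query, fragment or end of string,
  // which rejects userinfo forms such as https://allowed-host@other-host/.
  const m = /^https:\/\/([a-z0-9.-]+)(?::\d+)?(?:[/?#]|$)/i.exec(url);
  return m !== null && allowedHosts.includes(m[1].toLowerCase());
}

// `browser` is InAppBrowser and `para` is the Para client.
// `isNewUser` is decided by the caller (hypothetical flag, not an SDK field).
async function completePortalAuth({ authState, browser, para, isNewUser }) {
  // Whichever method is configured for the API key supplies the URL.
  const portalUrl = authState.passwordUrl || authState.pinUrl;
  if (!isTrustedPortalUrl(portalUrl)) {
    // Never hand an unexpected URL to the browser that collects the credential.
    return { ok: false, reason: 'untrusted-portal-url' };
  }
  await browser.openAuth(portalUrl, `${APP_SCHEME}://para`);
  // Exactly one polling call runs: wallet creation for sign-up, login otherwise.
  if (isNewUser) {
    await para.waitForWalletCreation({});
    return { ok: true, waitedFor: 'waitForWalletCreation' };
  }
  await para.waitForLogin({});
  return { ok: true, waitedFor: 'waitForLogin' };
}
```
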

Using with the State Listener

If you’re using authenticateWithEmailOrPhone() with the onStatePhaseChange listener from the authentication guide, passwordUrl and pinUrl are already handled automatically. The listener opens these URLs when they appear in authStateInfo, so no additional code is needed.
