This guide will help you set up authentication so your users can perform writes. Authentication is not needed if you are only querying streams.
Authentication requires having installed a Ceramic client. Your client should include the DID Resolver(s) for the DID method(s) you will use for authentication.
1. Choose a DID method¶
The first step in adding authentication to your project is choosing which DID method to use for authentication.
PKH DID Method: A DID method that natively supports blockchain accounts, default usage with did-session allows capabality and session usage.
3ID DID Method: A powerful DID method that supports multiple keys, key rotations, and revocations
Key DID Method: A lightweight DID method that only supports one key and cannot handle rotations
NFT DID Method: A lightweight DID method with permissions that change based on on-chain NFT asset ownership
Safe DID Method coming soon: A lightweight DID method with permissions that change based on on-chain Gnosis Safe contract permissions
It is recommended that most applications use the PKH DID Method with DID Session.
2. Install a DID Provider¶
After choosing a DID method, install a DID provider for that method.
PKH DID Providers¶
DID Session is the most popular DID Provider for Ceramic web apps. DID-Session allows developers to use capabilities to permission and manage sessions for a users blockchain account (PKH DID). Sessions allow users to only sign with their blockchain wallets once and then continue to sign Ceramic transactions in their browser for the duration of the session.
Recommended for most browser applications.
3ID DID Providers¶
3ID Connect SDK allows users to authenticate a 3ID DID using their existing blockchain wallets without needing to install any additional software. Developers do not need to worry about DID key management for their users. For most use cases it is now suggested to use did-session over 3id-connect.
3ID DID Provider¶
Key DID Providers¶
Key DID Provider Ed25519¶
Ed25519 key pairs. Your application is responsible for key managemet, and users need to authenticate with a DID seed.