Webview Authentication
MentraOS provides a simple and secure way for apps to identify users within webviews. When a user opens your web application through the MentraOS Mobile App, you can automatically identify them without requiring a separate login process.
// Example of using webview authentication in your app
import {AppServer, AuthenticatedRequest} from "@mentra/sdk"
const server = new AppServer({
packageName: "org.example.myapp",
apiKey: process.env.API_KEY, // Load from environment variables
})
const app = server.getExpressApp()
app.get("/webview", (req: AuthenticatedRequest, res) => {
const userId = req.authUserId
if (userId) {
// User is authenticated, show personalized content
res.send(`Welcome user ${userId}!`)
} else {
// User is not authenticated
res.send("Please open this page from the MentraOS app, or <a href='/mentra-auth'>login with Mentra</a>")
}
})
What Is Webview Authentication?
Webview authentication lets your web application identify MentraOS users without requiring them to log in separately
When a user opens your webview through the MentraOS Mobile App:
- The manager app automatically appends a temporary authentication token to your URL
- The MentraOS SDK middleware automatically exchanges this token for the user's ID
- Your webview can then provide a personalized experience based on the user's identity
When a user opens your website through their browser on their phone or computer:
- You can redirect them to the MentraOS OAuth flow by redirecting them to the
/mentra-authendpoint. - The MentraOS OAuth flow will redirect them back to your website's main webview url, with a token in the query parameters.
- The MentraOS SDK will automatically exchange this token for the user's ID.
- Your webview can then provide a personalized experience based on the user's identity.
How It Works
1. Include a Webview in Your App
First, specify a webview URL in your app's configuration through the MentraOS Developer Console:
- Log in to the MentraOS Developer Console
- Navigate to your app's settings
- Add your
Webview URL - Save your changes
2. Set Up Authentication with the SDK
The MentraOS SDK provides built-in middleware that handles the token exchange process automatically:
import {AppServer, AuthenticatedRequest} from "@mentra/sdk"
// Create an app server instance
const server = new AppServer({
packageName: "org.example.myapp",
apiKey: process.env.API_KEY, // Load from environment variables, never check it into source control
})
// The SDK automatically sets up the authentication middleware
3. Access User ID in Your Routes
In your Express route handlers, access the authenticated user ID:
const app = server.getExpressApp()
app.get("/webview", (req: AuthenticatedRequest, res) => {
// Access the authenticated user ID
const userId = req.authUserId
if (userId) {
// User is authenticated, provide personalized content
res.render("dashboard", {
userId,
})
} else {
// User is not authenticated
res.render("login", {
message: "Please open this page from the MentraOS app",
})
}
})
4. Redirect to the MentraOS OAuth flow if the user isn't logged in automatically
If the user isn't logged in automatically, you can redirect them to the MentraOS OAuth flow by redirecting them to the /mentra-auth endpoint.
<a href="/mentra-auth">
<img src="https://account.mentra.glass/sign-in-mentra.png" alt="Sign in with Mentra" width="140" height="50" />
</a>
You can use the "Sign in with Mentra" image as the login button: https://account.mentra.glass/sign-in-mentra.png
Common Use Cases
Webview authentication enables:
- Personalized dashboards and content
- User-specific settings and preferences
- Integration with your existing user database
- Seamless experiences without additional login steps
React Webviews
If you want to build your frontend webview using React, see the React Webviews guide.