Skip to main content
Package: @hyperauth/react

HyperAuthProvider

Context provider that initializes HyperAuthClient and makes it available to the component tree via useHyperAuth.

Props

Behavior

  • Calls createClient(config) once on mount inside a useEffect.
  • Sets status to 'initializing' during setup, 'ready' on success, 'error' on failure.
  • Parses projectId as a UCAN policy and exposes it as policy on the context.
  • Reacts to chain prop changes without restarting the worker.
  • Calls client.close() on unmount.
  • Uses a useRef guard to prevent double-initialization in React Strict Mode.
The provider spawns browser workers at mount, so it must render on the client. In server-rendered frameworks such as Next.js App Router, import it through next/dynamic with ssr: false. See Next.js App Router for a full example.

useHyperAuth

Returns the current HyperAuthContext value. Throws ClientStateError if called outside HyperAuthProvider.

Signature

Return type

HyperAuthStatus


useRegistration

Manages the full 12-step registration pipeline: alias availability check, passkey creation, identity generation, account prediction, fee sponsorship, UserOp signing, submission, and session persistence.

Signature

Return type


RegistrationPhase


RegistrationStep

The 12 step labels, in order:

IdentityState

Populated after step 2 ('generating-identity'). Available via identity before result is set.

RegistrationOutcome

Populated on successful completion (phase === 'complete').

cspManifest

Object describing the Content Security Policy directives the SDK requires to boot. Merge these into your app’s CSP — otherwise the workers fail to start, OPFS writes are blocked, or the bundler ALPN handshake silently drops.

Shape


cspManifestString

Returns cspManifest serialized as a single CSP header value. Use this when you compose the CSP at request time, for example from a Next.js proxy or middleware.

Signature

Example

cspManifest does not include style-src. Next.js Server Components, next-themes, and framer-motion inject inline <style> tags; the standard workaround is to add style-src 'self' 'unsafe-inline' alongside the SDK directives.