# SignIn object (Legacy) > This page describes our legacy API, which will be removed in a future release. We recommend upgrading to [Core 3](https://clerk.com/docs/guides/development/upgrading/upgrade-guides/core-3.md?sdk=tanstack-react-start) and using the [SignInFuture](https://clerk.com/docs/tanstack-react-start/reference/objects/sign-in-future.md) object instead. The `SignIn` object holds the state of the current sign-in and provides helper methods to navigate and complete the sign-in process. It is used to manage the sign-in lifecycle, including the first and second factor verification, and the creation of a new session. The following steps outline the sign-in process: 1. Initiate the sign-in process by collecting the user's authentication information and passing the appropriate parameters to the [create()](https://clerk.com/docs/tanstack-react-start/reference/objects/sign-in.md#create) method. 2. Prepare the first factor verification by calling [SignIn.prepareFirstFactor()](https://clerk.com/docs/tanstack-react-start/reference/objects/sign-in.md#prepare-first-factor). Users _must_ complete a first factor verification. This can be something like providing a password, an email link, an OTP, a Web3 wallet address, or providing proof of their identity through an external social account (SSO/OAuth). 3. Attempt to complete the first factor verification by calling [SignIn.attemptFirstFactor()](https://clerk.com/docs/tanstack-react-start/reference/objects/sign-in.md#attempt-first-factor). 4. Optionally, if you have enabled [multi-factor (MFA)](https://clerk.com/docs/guides/configure/auth-strategies/sign-up-sign-in-options.md?sdk=tanstack-react-start) for your application, you will need to prepare the second factor verification by calling [SignIn.prepareSecondFactor()](https://clerk.com/docs/tanstack-react-start/reference/objects/sign-in.md#prepare-second-factor). 5. Attempt to complete the second factor verification by calling [SignIn.attemptSecondFactor()](https://clerk.com/docs/tanstack-react-start/reference/objects/sign-in.md#attempt-second-factor). 6. If verification is successful, set the newly created session as the active session by passing the `SignIn.createdSessionId` to the [setActive()](https://clerk.com/docs/tanstack-react-start/reference/objects/clerk.md#set-active) method on the `Clerk` object. You may need to check for session tasks before the session can be set as active. ## Example See the [custom flow guides](https://clerk.com/docs/guides/development/custom-flows/authentication/legacy/email-password.md?sdk=tanstack-react-start) for comprehensive examples of using the `SignIn` object to build custom user interfaces with the Clerk API. ## Properties | Name | Type | Description | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | id | string | undefined | The unique identifier for the sign-in attempt. | | 'complete': The user is signed in and the custom flowA custom flow refers to a user interface built entirely from scratch using the Clerk API. Learn more about custom flows. can proceed to setActive() to create a session. | 'needs\_identifier': The user's identifier (e.g., email address, phone number, username) hasn't been provided. | | | 'email\_address' | 'phone\_number' | | | identifier | string | null | Optional if the strategy is set to 'oauth\_' or 'enterprise\_sso'. Required otherwise. The authentication identifier value for the current sign-in. | | supportedFirstFactors | SignInFirstFactor[] | Array of the first factorsFirst factor is the first factor of authentication that is required to complete the authentication process. For example, when a user signs in with email and password, the password is the first factor. First factor verification is the process of verifying a user's identity using a single factor. This can be compared to second factor verificationSecond factor verification, also known as two-factor authentication (2FA) or multi-factor authentication (MFA), is the process of verifying a user's identity using an additional factor. For example, if a user signs in with their email and password, and then, is asked to also provide an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. sent to their phone number, the OTP is the second factorA second factor is an additional factor of authentication that is required to complete the authentication process. For example, if a user signs in with their email and password, and then is asked to also provide an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. sent to their email in order to verify their identity, the email OTP is the second factor.., also known as two-factor authentication (2FA) or multi-factor authentication (MFA), where the user needs to provide an additional factor to verify their identity. that are supported in the current sign-in. Each factor contains information about the verification strategy that can be used. See the SignInFirstFactor type reference for more information. | | supportedSecondFactors | SignInSecondFactor[] | Array of the second factorsSecond factor verification, also known as two-factor authentication (2FA) or multi-factor authentication (MFA), is the process of verifying a user's identity using an additional factor. For example, if a user signs in with their email and password, and then, is asked to also provide an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. sent to their phone number, the OTP is the second factorA second factor is an additional factor of authentication that is required to complete the authentication process. For example, if a user signs in with their email and password, and then is asked to also provide an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. sent to their email in order to verify their identity, the email OTP is the second factor.. that are supported in the current sign-in. Each factor contains information about the verification strategy that can be used. This property is populated only when the first factorFirst factor is the first factor of authentication that is required to complete the authentication process. For example, when a user signs in with email and password, the password is the first factor. First factor verification is the process of verifying a user's identity using a single factor. This can be compared to second factor verificationSecond factor verification, also known as two-factor authentication (2FA) or multi-factor authentication (MFA), is the process of verifying a user's identity using an additional factor. For example, if a user signs in with their email and password, and then, is asked to also provide an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. sent to their phone number, the OTP is the second factorA second factor is an additional factor of authentication that is required to complete the authentication process. For example, if a user signs in with their email and password, and then is asked to also provide an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. sent to their email in order to verify their identity, the email OTP is the second factor.., also known as two-factor authentication (2FA) or multi-factor authentication (MFA), where the user needs to provide an additional factor to verify their identity. is verified. See the SignInSecondFactor type reference for more information. | | firstFactorVerification | VerificationResource | The state of the verification process for the selected first factorFirst factor is the first factor of authentication that is required to complete the authentication process. For example, when a user signs in with email and password, the password is the first factor. First factor verification is the process of verifying a user's identity using a single factor. This can be compared to second factor verificationSecond factor verification, also known as two-factor authentication (2FA) or multi-factor authentication (MFA), is the process of verifying a user's identity using an additional factor. For example, if a user signs in with their email and password, and then, is asked to also provide an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. sent to their phone number, the OTP is the second factorA second factor is an additional factor of authentication that is required to complete the authentication process. For example, if a user signs in with their email and password, and then is asked to also provide an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. sent to their email in order to verify their identity, the email OTP is the second factor.., also known as two-factor authentication (2FA) or multi-factor authentication (MFA), where the user needs to provide an additional factor to verify their identity.. Initially, this property contains an empty verification object, since there is no first factor selected. You need to call the prepareFirstFactor method in order to start the verification process. | | secondFactorVerification | VerificationResource | The state of the verification process for the selected second factorSecond factor verification, also known as two-factor authentication (2FA) or multi-factor authentication (MFA), is the process of verifying a user's identity using an additional factor. For example, if a user signs in with their email and password, and then, is asked to also provide an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. sent to their phone number, the OTP is the second factorA second factor is an additional factor of authentication that is required to complete the authentication process. For example, if a user signs in with their email and password, and then is asked to also provide an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. sent to their email in order to verify their identity, the email OTP is the second factor... Initially, this property contains an empty verification object, since there is no second factor selected. For the phone\_code strategy, you need to call the prepareSecondFactor method in order to start the verification process. For the totp strategy, you can directly attempt the verification by calling the attemptSecondFactor method. | | userData | UserData | An object containing information about the user of the current sign-in. This property is populated only once an identifier is given to the SignIn object. | | createdSessionId | string | null | The identifier of the session that was created upon completion of the current sign-in. The value of this property is null if the sign-in status is not 'complete'. | | clientTrustState | ClientTrustState | undefined | The Client Trust state for the sign-in when the user is signing in from a new device. Populated when the sign-in requires establishing client trust (e.g. status is 'needs\_client\_trust'). | ## Methods ### `attemptFirstFactor()` Attempts to complete the first factor verification process. This is a required step in order to complete a sign in, as users should be verified at least by one factor of authentication. Make sure that a `SignIn` object already exists before you call this method, either by first calling [SignIn.create()](https://clerk.com/docs/tanstack-react-start/reference/objects/sign-in.md#create) or [SignIn.prepareFirstFactor()](https://clerk.com/docs/tanstack-react-start/reference/objects/sign-in.md#prepare-first-factor). The only strategy that does not require a verification to have already been prepared before attempting to complete it is the `password` strategy. Depending on the strategy that was selected when the verification was prepared, the method parameters will be different. Returns a `SignIn` object. Check the `firstFactorVerification` attribute for the status of the first factor verification process. ```typescript function attemptFirstFactor(params: AttemptFirstFactorParams): Promise ``` #### `AttemptFirstFactorParams` | Name | Type | Description | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 'email\_code': User will receive an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. via email. At least one email address should be on file for the user. | 'phone\_code': User will receive an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. via SMS. At least one phone number should be on file for the user. | | | code? | string | Required if strategy is set to 'email\_code', 'phone\_code', 'reset\_password\_phone\_code', or 'reset\_password\_email\_code'. The OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. that was sent to the user. | | password? | string | Required if strategy is set to 'password'. The user's password string to be verified. | | signature? | string | Required if strategy is set to 'web3\_base\_signature', 'web3\_metamask\_signature', 'web3\_coinbase\_wallet\_signature', 'web3\_okx\_wallet\_signature', or 'web3\_solana\_signature'. The Web3 wallet generated signature to be verified. | ### `attemptSecondFactor()` Attempts to complete the second factor verification process, also known as [multi-factor authentication (MFA)](https://clerk.com/docs/guides/configure/auth-strategies/sign-up-sign-in-options.md?sdk=tanstack-react-start#multi-factor-authentication). > For the `phone_code` strategy, make sure that a verification has already been prepared before you call this method, by first calling [SignIn.prepareSecondFactor](https://clerk.com/docs/tanstack-react-start/reference/objects/sign-in.md#prepare-second-factor). Returns a `SignIn` object. Check the `secondFactorVerification` attribute for the status of the second factor verification process. ```typescript function attemptSecondFactor(params: AttemptSecondFactorParams): Promise ``` #### `AttemptSecondFactorParams` | Name | Type | Description | | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | 'phone\_code': User will receive an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. via SMS. At least one phone number should be on file for the user. | 'totp': User must provide a 6-digit TOTP code generated by their authenticator app. The user must have previously created a TOTP secret and registered it in their authenticator app using a QR code, URI, or by manually entering the secret. | | | For the 'phone\_code' strategy: The OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. that was sent to the user as part of the prepareSecondFactor() step. | For the 'totp' strategy: The TOTP generated by the user's authenticator app. | | ### `authenticateWithBase()` Initiates an authentication flow using Base, allowing users to authenticate via their Web3 wallet address. This method prompts the user to connect their Base account and sign a message to verify ownership of the wallet address. ```typescript function authenticateWithBase(): Promise ``` ### `authenticateWithCoinbaseWallet()` Initiates an authentication flow using the Coinbase Wallet browser extension, allowing users to authenticate via their Web3 wallet address. This method prompts the user to connect their Coinbase Wallet and sign a message to verify ownership of the wallet address. ```typescript function authenticateWithCoinbaseWallet(): Promise ``` ### `authenticateWithMetamask()` Initiates an authentication flow using the MetaMask browser extension, allowing users to authenticate via their Ethereum wallet address. This method prompts the user to connect their MetaMask wallet and sign a message to verify ownership of the wallet address. ```typescript function authenticateWithMetamask(): Promise ``` ### `authenticateWithOKXWallet()` Initiates an authentication flow using the OKX Wallet browser extension, allowing users to authenticate via their Web3 wallet address. This method prompts the user to connect their OKX Wallet and sign a message to verify ownership of the wallet address. ```typescript function authenticateWithOKXWallet(): Promise ``` ### `authenticateWithSolana()` Initiates an authentication flow using the user's Solana wallet provider, allowing users to authenticate via their Solana wallet address. This method prompts the user to connect their Solana wallet and sign a message to verify ownership of the wallet address. The `walletName` parameter specifies which Solana wallet provider to use for the authentication process, which is required to initiate the connection and signature request. ```typescript function authenticateWithSolana(params: SignInAuthenticateWithSolanaParams): Promise ``` #### `SignInAuthenticateWithSolanaParams` | Name | Type | Description | | ---------- | ------ | ----------------------------------------------------------------------------- | | walletName | string | The name of the Solana wallet provider to use for the authentication process. | ### `authenticateWithPasskey()` Initiates a passkey-based authentication flow, enabling users to authenticate using a previously registered passkey. When called without parameters, this method requires a prior call to `SignIn.create({ strategy: 'passkey' })` to initialize the sign-in context. This pattern is particularly useful in scenarios where the authentication strategy needs to be determined dynamically at runtime. ```ts function authenticateWithPasskey(params?: AuthenticateWithPasskeyParams): Promise ``` ##### `AuthenticateWithPasskeyParams` | Name | Type | Description | | ------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------- | ----------- | | 'autofill': The client prompts your users to select a passkey before they interact with your app. | 'discoverable': The client requires the user to interact with the client. | | ### `authenticateWithRedirect()` Signs in a user via a Single Sign On (SSO) connection, such as OAuth or SAML, where an external account is used for verifying the user's identity. ```typescript function authenticateWithRedirect(params: AuthenticateWithRedirectParams): Promise ``` #### `AuthenticateWithRedirectParams` | Name | Type | Description | | ----------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | OAuthStrategy: The user will be authenticated with their social connection account. | 'enterprise\_sso': The user will be authenticated either through SAML or OIDC depending on the configuration of their enterprise SSO account. | | | redirectUrl | string | The full URL or path that the OAuth provider should redirect to, on successful authorization on their part. Typically, this will be a simple /sso-callback route that calls Clerk.handleRedirectCallback or mounts the component. See the custom flow for implementation details. | | redirectUrlComplete | string | The full URL or path that the user will be redirected to once the sign-in is complete. | | continueSignUp? | boolean | undefined | Whether to continue (i.e. PATCH) an existing SignUp (if present) or create a new SignUp. | | continueSignIn? | boolean | undefined | Whether to continue (i.e. PATCH) an existing SignIn (if present) or create a new SignIn. | | identifier? | string | undefined | The ID used to target an enterprise connection during sign-in. | | emailAddress? | string | undefined | The email address used to target an enterprise connection during sign-in. | | legalAccepted? | boolean | undefined | Indicates whether the user has agreed to the legal compliance documents. | | oidcPrompt? | string | The value to pass to the OIDC prompt parameter in the generated OAuth redirect URL. | | enterpriseConnectionId? | string | Optional if the strategy is set to enterprise\_sso. The identifier of the enterprise connection to target during sign-in. This is required if there are multiple enterprise connections configured in the instance. | ### `authenticateWithPopup()` Opens a popup window to allow a user to sign in via a Single Sign On (SSO) connection, such as OAuth or SAML, where an external account is used for verifying the user's identity. ```typescript function authenticateWithPopup(params: AuthenticateWithPopupParams): Promise ``` #### `AuthenticateWithPopupParams` | Name | Type | Description | | ------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | redirectUrl | string | The full URL or path that the OAuth provider should redirect to after successful authorization on their part. Typically, this will be a simple /sso-callback route that either calls Clerk.handleRedirectCallback or mounts the component. See the custom flow for implementation details. | | redirectUrlComplete | string | The full URL or path to navigate to after the OAuth or SAML flow completes. | | 'oauth\_': The user will be authenticated with their social connection account. See a list of supported values for . | 'enterprise\_sso': The user will be authenticated either through SAML or OIDC depending on the configuration of their enterprise SSO account. | | | popup | Window | A reference to a popup window opened via window\.open(). | | continueSignUp? | boolean | undefined | Whether to continue (i.e. PATCH) an existing SignUp (if present) or create a new SignUp. | | continueSignIn? | boolean | undefined | Whether to continue (i.e. PATCH) an existing SignIn (if present) or create a new SignIn. | | emailAddress? | string | undefined | Email address to use for targeting an enterprise connection at sign-up. | | identifier? | string | undefined | Identifier to use for targeting an enterprise connection at sign-up. | | legalAccepted? | boolean | A boolean indicating whether the user has agreed to the legal compliance documents. | | unsafeMetadata? | SignUpUnsafeMetadata | Metadata that can be read and set from the frontend. Once the sign-up is complete, the value of this field will be automatically copied to the newly created user's unsafe metadata. One common use case for this attribute is to use it to implement custom fields that can be collected during sign-up and will automatically be attached to the created User object. | | oidcPrompt? | string | The value to pass to the OIDC prompt parameter in the generated OAuth redirect URL. | | enterpriseConnectionId? | string | Optional if the strategy is set to enterprise\_sso. The identifier of the enterprise connection to target during sign-up. This is required if there are multiple enterprise connections configured in the instance. | ### `authenticateWithWeb3()` Initiates a Web3 authentication flow by verifying the user's ownership of a blockchain wallet address through cryptographic signature verification. This method enables decentralized authentication without requiring traditional credentials. > When the `strategy` is `web3_solana_signature`, the `walletName` parameter must be specified to indicate which Solana wallet provider to use for the authentication process. ```typescript function authenticateWithWeb3(params: AuthenticateWithWeb3Params): Promise ``` #### `AuthenticateWithWeb3Params` | Name | Type | Description | | ----------------- | --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | | identifier | string | The user's Web3 ID. | | generateSignature | (opts: GenerateSignatureParams) => Promise | The method of how to generate the signature for the Web3 sign-in. See GenerateSignatureParams for more information. | | strategy? | Web3Strategy | The Web3 verification strategy. | | walletName? | string | The name of the wallet provider to use for the authentication process. This parameter is required when using web3\_solana\_signature as the strategy. | ##### `GenerateSignatureParams` | Name | Type | Description | | ----------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------ | | identifier | string | The user's Web3 wallet address. | | nonce | string | The cryptographic nonce used in the sign-in. | | provider? | Web3Provider | The Web3 provider to generate the signature with. See Web3Provider for more information. | | walletName? | string | The name of the wallet provider to use for the authentication process. This parameter is required when using solana as the provider. | ### `create()` Creates and returns a new `SignIn` instance initialized with the provided parameters. The instance maintains the sign-in lifecycle state through its `status` property, which updates as the authentication flow progresses. This method serves as the entry point for initiating a sign-in flow. What you must pass to `params` depends on which [sign-in options](https://clerk.com/docs/guides/configure/auth-strategies/sign-up-sign-in-options.md?sdk=tanstack-react-start) you have enabled in your app's settings in the Clerk Dashboard. You can complete the sign-in process in one step if you supply the required fields to `create()`. Otherwise, Clerk's sign-in process provides great flexibility and allows users to easily create multi-step sign-in flows. > Once the sign-in process is complete, pass the `createdSessionId` to the [setActive()](https://clerk.com/docs/tanstack-react-start/reference/objects/clerk.md#set-active) method on the `Clerk` object. This will set the newly created session as the active session. ```typescript function create(params: SignInCreateParams): Promise ``` #### `SignInCreateParams` | Name | Type | Description | | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | 'password': The verification will attempt to be completed using the user's password. | 'email\_link': User will receive an email magic link via email. The identifier parameter can also be specified to select one of the user's known email addresses. The redirectUrl parameter can also be specified. | | | identifier | string | The authentication identifier for the sign-in. This can be the value of the user's email address, phone number, username, or Web3 wallet address. | | password? | string | The user's password. Only supported if strategy is set to 'password' and Password is enabled. | | ticket? | string | Required if strategy is set to 'ticket'. The ticket or token generated from the Backend API. | | redirectUrl? | string | If strategy is set to 'oauth\_' or 'enterprise\_sso', this specifies the full URL or path that the OAuth provider should redirect to after successful authorization on their part. Typically, this will be a simple /sso-callback route that either calls Clerk.handleRedirectCallback or mounts the component. See the custom flow for implementation details. If strategy is set to 'email\_link', this specifies the URL that the user will be redirected to when they visit the email link. See the custom flow for implementation details. | | actionCompleteRedirectUrl? | string | Optional if strategy is set to 'oauth\_' or 'enterprise\_sso'. The URL that the user will be redirected to, after successful authorization from the OAuth provider and Clerk sign-in. | | transfer? | boolean | When set to true, the SignIn will attempt to retrieve information from the active SignUp instance and use it to complete the sign-in process. This is useful when you want to seamlessly transition a user from a sign-up attempt to a sign-in attempt. | | oidcPrompt? | string | Optional if strategy is set to 'oauth\_' or 'enterprise\_sso'. The value to pass to the OIDC prompt parameter in the generated OAuth redirect URL. | | oidcLoginHint? | string | Optional if strategy is set to 'oauth\_' or 'enterprise\_sso'. The value to pass to the OIDC login\_hint parameter in the generated OAuth redirect URL. | ### `createEmailLinkFlow()` Creates a flow for authenticating users via email links. This method returns functions for initiating and canceling the email link verification process; see the [returns](https://clerk.com/docs/tanstack-react-start/reference/objects/sign-in.md#returns) section for more information. ```typescript function createEmailLinkFlow(): { startEmailLinkFlow: (params: SignInStartEmailLinkFlowParams) => Promise cancelEmailLinkFlow: () => void } ``` #### Returns `createEmailLinkFlow` returns an object with two functions: | Name | Type | Description | | ------------------- | ------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------- | | startEmailLinkFlow | (params: SignInStartEmailLinkFlowParams) => Promise | Function to start the email link flow. It prepares an email link verification and polls for the verification result. | | cancelEmailLinkFlow | () => void | Function to cleanup the email link flow. Stops waiting for verification results. | #### `SignInStartEmailLinkFlowParams` | Name | Type | Description | | -------------- | ------ | --------------------------------------------------------------------------------------------------------------- | | emailAddressId | string | The ID of the user's email address that's going to be used as the first factor identification for verification. | | redirectUrl | string | The full URL that the user will be redirected to when they visit the email link. | ### `prepareFirstFactor()` Begins the first factor verification process. This is a required step in order to complete a sign in, as users should be verified at least by one factor of authentication. Common scenarios are OTP or social account (SSO) verification. This is determined by the accepted `strategy` parameter values. Each authentication identifier supports different strategies. Returns a `SignIn` object. Check the `firstFactorVerification` attribute for the status of the first factor verification process. ```typescript function prepareFirstFactor(params: PrepareFirstFactorParams): Promise ``` #### `PrepareFirstFactorParams` | Name | Type | Description | | --------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 'email\_link': User will receive an email magic link via email. | 'email\_code': User will receive an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. via email. Requires emailAddressId parameter to be set. | | | emailAddressId? | string | Required if strategy is set to 'email\_code' or 'reset\_password\_email\_code'. The ID for the user's email address that will receive an email with the OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid.. | | phoneNumberId? | string | Required if strategy is set to 'phone\_code' or 'reset\_password\_phone\_code'. The ID for the user's phone number that will receive an SMS message with the OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid.. | | default? | boolean | Optional if strategy is set to 'phone\_code'. Whether this phone number is the default for the strategy. | | channel? | string | Optional if strategy is set to 'phone\_code'. The channel to use for sending the OTP (e.g. 'sms'). | | web3WalletId? | string | Required if strategy is set to 'web3\_base\_signature', 'web3\_metamask\_signature', 'web3\_coinbase\_wallet\_signature', 'web3\_okx\_wallet\_signature', or 'web3\_solana\_signature'. The ID for the user's Web3 wallet address. | | redirectUrl? | string | Required if strategy is set to 'oauth\_' or 'enterprise\_sso'. The full URL or path that the OAuth provider should redirect to after successful authorization on their part. Typically, this will be a simple /sso-callback route that either calls Clerk.handleRedirectCallback() or mounts the component. See the custom flow for implementation details. Required if strategy is set to 'email\_link'. The full URL that the user will be redirected to when they visit the email link. See the custom flow for implementation details. | | actionCompleteRedirectUrl? | string | Required if strategy is set to 'oauth\_' or 'enterprise\_sso'. The URL that the user will be redirected to once the first factor verification is complete. | ### `prepareSecondFactor()` Begins the second factor verification process, also known as [multi-factor authentication (MFA)](https://clerk.com/docs/guides/configure/auth-strategies/sign-up-sign-in-options.md?sdk=tanstack-react-start#multi-factor-authentication). > If the `strategy` was set to `totp` (e.g. `SignIn.create({ strategy: 'totp' })`), it does not require preparation. You can directly attempt the second factor verification by calling [SignIn.attemptSecondFactor](https://clerk.com/docs/tanstack-react-start/reference/objects/sign-in.md#attempt-second-factor). Returns a `SignIn` object. Check the `secondFactorVerification` attribute for the status of the second factor verification process. ```typescript function prepareSecondFactor(params: PrepareSecondFactorParams): Promise ``` #### `PrepareSecondFactorParams` | Name | Type | Description | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 'phone\_code': User will receive an OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. via SMS. At least one phone number should be on file for the user. | | | | phoneNumberId | string | The ID for the user's phone number that will receive an SMS message with the OTPA one-time password (OTP) is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid.. | ### `resetPassword()` Resets a user's password. It's recommended to use the [custom flow for resetting a user's password](https://clerk.com/docs/guides/development/custom-flows/authentication/forgot-password.md?sdk=tanstack-react-start) instead. ```typescript function resetPassword(params: ResetPasswordParams): Promise ``` #### `ResetPasswordParams` | Name | Type | Description | | ----------------------- | -------------------- | ---------------------------------------------------------------- | | password | string | The user's new password. | | signOutOfOtherSessions? | boolean | undefined | If true, signs the user out of all other authenticated sessions. | ### `validatePassword()` Validates a password against the instance's password policy (e.g. minimum length, complexity). Uses the same rules as the Clerk Dashboard configuration. Useful for client-side validation before submitting a sign-up or password reset. Accepts a callback that receives validation errors. ```typescript function validatePassword( password: string, callback?: (errors: string[]) => void, ): boolean | undefined ``` --- ## Sitemap [Overview of all docs pages](https://clerk.com/docs/llms.txt)