React in five lines.
Wrap your app in TillAuthProvider, call useSignIn, ship. The provider auto-refreshes tokens, catches OAuth fragments, and exposes a consistent session object.
1 · Get an app ID
Sign in to the dashboard, open TillDev → TillAuth → All apps, click + New app. Pick a name and a slug (your hosted-login URL becomes <slug>.tilldev.app). Copy the public app ID — looks like tau_pub_….
2 · Install
3 · Wrap your root
Set NEXT_PUBLIC_TILLAUTH_APP_ID in your env to your app's public ID. Build-time inline; client code reads it from the bundle.
4 · Sign in
That's it for password auth. If the user has MFA enrolled, signIn() returns { ok: false, mfa_required: true, challenge_token } — pass the challenge to useMfa().verify() with the user's TOTP code.
5 · Read the session anywhere
useSession() returns { user, access_token } | null with full type safety. The provider auto-refreshes the access token 60s before expiry, so this stays current as long as the tab is open.
What's next
- Add passkeys — one extra hook, one CTA button.
- Wire Google + GitHub — per-app client IDs, no SDK changes.
- Verify JWTs on your server — use the matching Node SDK.