fix: update sponsored signer question

Formatting

bin/init.js

@@ -354,15 +354,7 @@ export async function init(
       {
         type: 'confirm',
         name: 'useSponsoredSigner',
-        message:
+        message: 'Do you want to write data to Farcaster?\n\nThis feature uses Neynar Sponsored Signers to sign messages on behalf of users.' + 
-          'Would you like to use Neynar Sponsored Signers and/or Sign In With Neynar (SIWN)?\n' +
-          'This enables the simplest, most secure, and most user-friendly Farcaster authentication for your app.\n\n' +
-          'Benefits of using Neynar Sponsored Signers/SIWN:\n' +
-          '- No auth buildout or signer management required for developers\n' +
-          '- Cost-effective for users (no gas for signers)\n' +
-          '- Users can revoke signers at any time\n' +
-          '- Plug-and-play for web and React Native\n' +
-          '- Recommended for most developers\n' +
           '\n⚠️ A seed phrase is required for this option.\n',
         default: false,
       },
@@ -460,11 +452,11 @@ export async function init(
   // Add dependencies
   packageJson.dependencies = {
     '@farcaster/auth-client': '>=0.3.0 <1.0.0',
-    '@farcaster/auth-kit': '>=0.6.0 <1.0.0',
     '@farcaster/miniapp-node': '>=0.1.5 <1.0.0',
     '@farcaster/miniapp-sdk': '>=0.1.6 <1.0.0',
     '@farcaster/miniapp-wagmi-connector': '^1.0.0',
     '@farcaster/mini-app-solana': '>=0.0.17 <1.0.0',
+    '@farcaster/quick-auth': '>=0.0.7 <1.0.0',
     '@neynar/react': '^1.2.5',
     '@radix-ui/react-label': '^2.1.1',
     '@solana/wallet-adapter-react': '^0.15.38',
@@ -476,7 +468,6 @@ export async function init(
     'lucide-react': '^0.469.0',
     mipd: '^0.0.7',
     next: '^15',
-    'next-auth': '^4.24.11',
     react: '^19',
     'react-dom': '^19',
     'tailwind-merge': '^2.6.0',
@@ -487,7 +478,14 @@ export async function init(
     siwe: '^3.0.0',
   };
 
+  // Add auth-kit and quick-auth dependencies if useSponsoredSigner is true
+  if (answers.useSponsoredSigner) {
+    packageJson.dependencies['@farcaster/auth-kit'] = '>=0.6.0 <1.0.0';
+    packageJson.dependencies['next-auth'] = '^4.24.11';
+  }
+
   packageJson.devDependencies = {
+    '@types/inquirer': '^9.0.8',
     '@types/node': '^20',
     '@types/react': '^19',
     '@types/react-dom': '^19',
@@ -499,8 +497,8 @@ export async function init(
     'pino-pretty': '^13.0.0',
     postcss: '^8',
     tailwindcss: '^3.4.1',
-    typescript: '^5',
     'ts-node': '^10.9.2',
+    typescript: '^5',
   };
 
   // Add Neynar SDK if selected
@@ -698,6 +696,15 @@ export async function init(
     fs.rmSync(binPath, { recursive: true, force: true });
   }
 
+  // Remove NeynarAuthButton directory if useSponsoredSigner is false
+  if (!answers.useSponsoredSigner) {
+    console.log('\nRemoving NeynarAuthButton directory (useSponsoredSigner is false)...');
+    const neynarAuthButtonPath = path.join(projectPath, 'src', 'components', 'ui', 'NeynarAuthButton');
+    if (fs.existsSync(neynarAuthButtonPath)) {
+      fs.rmSync(neynarAuthButtonPath, { recursive: true, force: true });
+    }
+  }
+
   // Initialize git repository
   console.log('\nInitializing git repository...');
   execSync('git init', { cwd: projectPath });

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@neynar/create-farcaster-mini-app",
-  "version": "1.6.3",
+  "version": "1.7.3",
   "type": "module",
   "private": false,
   "access": "public",

scripts/deploy.ts

@@ -5,7 +5,6 @@ import os from 'os';
 import { fileURLToPath } from 'url';
 import inquirer from 'inquirer';
 import dotenv from 'dotenv';
-import crypto from 'crypto';
 import { Vercel } from '@vercel/sdk';
 import { APP_NAME, APP_BUTTON_TEXT } from '../src/lib/constants';
 
@@ -132,7 +131,7 @@ async function checkRequiredEnvVars(): Promise<void> {
 
         process.env.SPONSOR_SIGNER = sponsorSigner.toString();
 
-        if (storeSeedPhrase) {
+        if (process.env.SEED_PHRASE) {
           fs.appendFileSync(
             '.env.local',
             `\nSPONSOR_SIGNER="${sponsorSigner}"`,
@@ -299,17 +298,26 @@ async function setVercelEnvVarSDK(
     }
 
     // Get existing environment variables
-    const existingVars = await vercelClient.projects.getEnvironmentVariables({
+    const existingVars = await vercelClient.projects.filterProjectEnvs({
       idOrName: projectId,
     });
 
-    const existingVar = existingVars.envs?.find(
+    // Handle different response types
+    let envs: any[] = [];
+    if ('envs' in existingVars && Array.isArray(existingVars.envs)) {
+      envs = existingVars.envs;
+    } else if ('target' in existingVars && 'key' in existingVars) {
+      // Single environment variable response
+      envs = [existingVars];
+    }
+
+    const existingVar = envs.find(
       (env: any) => env.key === key && env.target?.includes('production'),
     );
 
-    if (existingVar) {
+    if (existingVar && existingVar.id) {
       // Update existing variable
-      await vercelClient.projects.editEnvironmentVariable({
+      await vercelClient.projects.editProjectEnv({
         idOrName: projectId,
         id: existingVar.id,
         requestBody: {
@@ -320,7 +328,7 @@ async function setVercelEnvVarSDK(
       console.log(`✅ Updated environment variable: ${key}`);
     } else {
       // Create new variable
-      await vercelClient.projects.createEnvironmentVariable({
+      await vercelClient.projects.createProjectEnv({
         idOrName: projectId,
         requestBody: {
           key: key,
@@ -458,7 +466,7 @@ async function waitForDeployment(
 
   while (Date.now() - startTime < maxWaitTime) {
     try {
-      const deployments = await vercelClient?.deployments.list({
+      const deployments = await vercelClient?.deployments.getDeployments({
         projectId: projectId,
         limit: 1,
       });
@@ -594,12 +602,17 @@ async function deployToVercel(useGitHub = false): Promise<void> {
 
     if (vercelClient) {
       try {
-        const project = await vercelClient.projects.get({
+        const projects = await vercelClient.projects.getProjects({});
-          idOrName: projectId,
+        const project = projects.projects.find(
-        });
+          p => p.id === projectId || p.name === projectId,
-        projectName = project.name;
+        );
-        domain = `${projectName}.vercel.app`;
+        if (project) {
-        console.log('🌐 Using project name for domain:', domain);
+          projectName = project.name;
+          domain = `${projectName}.vercel.app`;
+          console.log('🌐 Using project name for domain:', domain);
+        } else {
+          throw new Error('Project not found');
+        }
       } catch (error: unknown) {
         if (error instanceof Error) {
           console.warn(
@@ -653,12 +666,7 @@ async function deployToVercel(useGitHub = false): Promise<void> {
     }
 
     // Prepare environment variables
-    const nextAuthSecret =
-      process.env.NEXTAUTH_SECRET || crypto.randomBytes(32).toString('hex');
     const vercelEnv = {
-      NEXTAUTH_SECRET: nextAuthSecret,
-      AUTH_SECRET: nextAuthSecret,
-      NEXTAUTH_URL: `https://${domain}`,
       NEXT_PUBLIC_URL: `https://${domain}`,
 
       ...(process.env.NEYNAR_API_KEY && {
@@ -763,7 +771,6 @@ async function deployToVercel(useGitHub = false): Promise<void> {
       console.log('🔄 Updating environment variables with correct domain...');
 
       const updatedEnv: Record<string, string | object> = {
-        NEXTAUTH_URL: `https://${actualDomain}`,
         NEXT_PUBLIC_URL: `https://${actualDomain}`,
       };
 

scripts/dev.js

@@ -158,11 +158,7 @@ async function startDev() {
 
   nextDev = spawn(nextBin, ['dev', '-p', port.toString()], {
     stdio: 'inherit',
-    env: {
+    env: { ...process.env, NEXT_PUBLIC_URL: miniAppUrl },
-      ...process.env,
-      NEXT_PUBLIC_URL: miniAppUrl,
-      NEXTAUTH_URL: miniAppUrl,
-    },
     cwd: projectRoot,
     shell: process.platform === 'win32', // Add shell option for Windows
   });

src/app/api/auth/[...nextauth]/route.ts

@@ -1,6 +0,0 @@
-import NextAuth from 'next-auth';
-import { authOptions } from '~/auth';
-
-const handler = NextAuth(authOptions);
-
-export { handler as GET, handler as POST };

src/app/api/auth/update-session/route.ts

@@ -1,46 +0,0 @@
-import { NextResponse } from 'next/server';
-import { getServerSession } from 'next-auth';
-import { authOptions } from '~/auth';
-
-export async function POST(request: Request) {
-  try {
-    const session = await getServerSession(authOptions);
-
-    if (!session?.user?.fid) {
-      return NextResponse.json(
-        { error: 'No authenticated session found' },
-        { status: 401 },
-      );
-    }
-
-    const body = await request.json();
-    const { signers, user } = body;
-
-    if (!signers || !user) {
-      return NextResponse.json(
-        { error: 'Signers and user are required' },
-        { status: 400 },
-      );
-    }
-
-    // For NextAuth to update the session, we need to trigger the JWT callback
-    // This is typically done by calling the session endpoint with updated data
-    // However, we can't directly modify the session token from here
-
-    // Instead, we'll store the data temporarily and let the client refresh the session
-    // The session will be updated when the JWT callback is triggered
-
-    return NextResponse.json({
-      success: true,
-      message: 'Session update prepared',
-      signers,
-      user,
-    });
-  } catch (error) {
-    console.error('Error preparing session update:', error);
-    return NextResponse.json(
-      { error: 'Failed to prepare session update' },
-      { status: 500 },
-    );
-  }
-}

src/app/api/auth/validate/route.ts

@@ -0,0 +1,46 @@
+import { NextResponse } from 'next/server';
+import { createClient, Errors } from '@farcaster/quick-auth';
+
+const client = createClient();
+
+export async function POST(request: Request) {
+  try {
+    const { token } = await request.json();
+
+    if (!token) {
+      return NextResponse.json({ error: 'Token is required' }, { status: 400 });
+    }
+
+    // Get domain from environment or request
+    const domain = process.env.NEXT_PUBLIC_URL
+      ? new URL(process.env.NEXT_PUBLIC_URL).hostname
+      : request.headers.get('host') || 'localhost';
+
+    try {
+      // Use the official QuickAuth library to verify the JWT
+      const payload = await client.verifyJwt({
+        token,
+        domain,
+      });
+
+      return NextResponse.json({
+        success: true,
+        user: {
+          fid: payload.sub,
+        },
+      });
+    } catch (e) {
+      if (e instanceof Errors.InvalidTokenError) {
+        console.info('Invalid token:', e.message);
+        return NextResponse.json({ error: 'Invalid token' }, { status: 401 });
+      }
+      throw e;
+    }
+  } catch (error) {
+    console.error('Token validation error:', error);
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 },
+    );
+  }
+}

src/app/layout.tsx

@@ -1,7 +1,6 @@
 import type { Metadata } from 'next';
 import '~/app/globals.css';
 import { Providers } from '~/app/providers';
-import { getSession } from '~/auth';
 import { APP_NAME, APP_DESCRIPTION } from '~/lib/constants';
 
 export const metadata: Metadata = {
@@ -14,12 +13,10 @@ export default async function RootLayout({
 }: Readonly<{
   children: React.ReactNode;
 }>) {
-  const session = await getSession();
-
   return (
     <html lang="en">
       <body>
-        <Providers session={session}>{children}</Providers>
+        <Providers>{children}</Providers>
       </body>
     </html>
   );

src/app/providers.tsx

@@ -1,10 +1,7 @@
 'use client';
 
 import dynamic from 'next/dynamic';
-import { AuthKitProvider } from '@farcaster/auth-kit';
 import { MiniAppProvider } from '@neynar/react';
-import type { Session } from 'next-auth';
-import { SessionProvider } from 'next-auth/react';
 import { SafeFarcasterSolanaProvider } from '~/components/providers/SafeFarcasterSolanaProvider';
 import { ANALYTICS_ENABLED } from '~/lib/constants';
 
@@ -15,27 +12,19 @@ const WagmiProvider = dynamic(
   },
 );
 
-export function Providers({
+export function Providers({ children }: { children: React.ReactNode }) {
-  session,
-  children,
-}: {
-  session: Session | null;
-  children: React.ReactNode;
-}) {
   const solanaEndpoint =
     process.env.SOLANA_RPC_ENDPOINT || 'https://solana-rpc.publicnode.com';
   return (
-    <SessionProvider session={session}>
+    <WagmiProvider>
-      <WagmiProvider>
+      <MiniAppProvider
-        <MiniAppProvider
+        analyticsEnabled={ANALYTICS_ENABLED}
-          analyticsEnabled={ANALYTICS_ENABLED}
+        backButtonEnabled={true}
-          backButtonEnabled={true}
+      >
-        >
+        <SafeFarcasterSolanaProvider endpoint={solanaEndpoint}>
-          <SafeFarcasterSolanaProvider endpoint={solanaEndpoint}>
+          {children}
-            <AuthKitProvider config={{}}>{children}</AuthKitProvider>
+        </SafeFarcasterSolanaProvider>
-          </SafeFarcasterSolanaProvider>
+      </MiniAppProvider>
-        </MiniAppProvider>
+    </WagmiProvider>
-      </WagmiProvider>
-    </SessionProvider>
   );
 }

src/auth.ts

@@ -1,439 +1,10 @@
-import { createAppClient, viemConnector } from '@farcaster/auth-client';
+import { sdk } from '@farcaster/miniapp-sdk';
-import { AuthOptions, getServerSession } from 'next-auth';
-import CredentialsProvider from 'next-auth/providers/credentials';
 
-declare module 'next-auth' {
+// Export QuickAuth from the SDK
-  interface Session {
+export const quickAuth = sdk.quickAuth;
-    provider?: string;
-    user?: {
-      fid: number;
-      object?: 'user';
-      username?: string;
-      display_name?: string;
-      pfp_url?: string;
-      custody_address?: string;
-      profile?: {
-        bio: {
-          text: string;
-          mentioned_profiles?: Array<{
-            object: 'user_dehydrated';
-            fid: number;
-            username: string;
-            display_name: string;
-            pfp_url: string;
-            custody_address: string;
-          }>;
-          mentioned_profiles_ranges?: Array<{
-            start: number;
-            end: number;
-          }>;
-        };
-        location?: {
-          latitude: number;
-          longitude: number;
-          address: {
-            city: string;
-            state: string;
-            country: string;
-            country_code: string;
-          };
-        };
-      };
-      follower_count?: number;
-      following_count?: number;
-      verifications?: string[];
-      verified_addresses?: {
-        eth_addresses: string[];
-        sol_addresses: string[];
-        primary: {
-          eth_address: string;
-          sol_address: string;
-        };
-      };
-      verified_accounts?: Array<Record<string, unknown>>;
-      power_badge?: boolean;
-      url?: string;
-      experimental?: {
-        neynar_user_score: number;
-        deprecation_notice: string;
-      };
-      score?: number;
-    };
-    signers?: {
-      object: 'signer';
-      signer_uuid: string;
-      public_key: string;
-      status: 'approved';
-      fid: number;
-    }[];
-  }
-
-  interface User {
-    provider?: string;
-    signers?: Array<{
-      object: 'signer';
-      signer_uuid: string;
-      public_key: string;
-      status: 'approved';
-      fid: number;
-    }>;
-    user?: {
-      object: 'user';
-      fid: number;
-      username: string;
-      display_name: string;
-      pfp_url: string;
-      custody_address: string;
-      profile: {
-        bio: {
-          text: string;
-          mentioned_profiles?: Array<{
-            object: 'user_dehydrated';
-            fid: number;
-            username: string;
-            display_name: string;
-            pfp_url: string;
-            custody_address: string;
-          }>;
-          mentioned_profiles_ranges?: Array<{
-            start: number;
-            end: number;
-          }>;
-        };
-        location?: {
-          latitude: number;
-          longitude: number;
-          address: {
-            city: string;
-            state: string;
-            country: string;
-            country_code: string;
-          };
-        };
-      };
-      follower_count: number;
-      following_count: number;
-      verifications: string[];
-      verified_addresses: {
-        eth_addresses: string[];
-        sol_addresses: string[];
-        primary: {
-          eth_address: string;
-          sol_address: string;
-        };
-      };
-      verified_accounts: Array<Record<string, unknown>>;
-      power_badge: boolean;
-      url?: string;
-      experimental?: {
-        neynar_user_score: number;
-        deprecation_notice: string;
-      };
-      score: number;
-    };
-  }
-
-  interface JWT {
-    provider?: string;
-    signers?: Array<{
-      object: 'signer';
-      signer_uuid: string;
-      public_key: string;
-      status: 'approved';
-      fid: number;
-    }>;
-    user?: {
-      object: 'user';
-      fid: number;
-      username: string;
-      display_name: string;
-      pfp_url: string;
-      custody_address: string;
-      profile: {
-        bio: {
-          text: string;
-          mentioned_profiles?: Array<{
-            object: 'user_dehydrated';
-            fid: number;
-            username: string;
-            display_name: string;
-            pfp_url: string;
-            custody_address: string;
-          }>;
-          mentioned_profiles_ranges?: Array<{
-            start: number;
-            end: number;
-          }>;
-        };
-        location?: {
-          latitude: number;
-          longitude: number;
-          address: {
-            city: string;
-            state: string;
-            country: string;
-            country_code: string;
-          };
-        };
-      };
-      follower_count: number;
-      following_count: number;
-      verifications: string[];
-      verified_addresses: {
-        eth_addresses: string[];
-        sol_addresses: string[];
-        primary: {
-          eth_address: string;
-          sol_address: string;
-        };
-      };
-      verified_accounts?: Array<Record<string, unknown>>;
-      power_badge?: boolean;
-      url?: string;
-      experimental?: {
-        neynar_user_score: number;
-        deprecation_notice: string;
-      };
-      score?: number;
-    };
-  }
-}
-
-function getDomainFromUrl(urlString: string | undefined): string {
-  if (!urlString) {
-    console.warn('NEXTAUTH_URL is not set, using localhost:3000 as fallback');
-    return 'localhost:3000';
-  }
-  try {
-    const url = new URL(urlString);
-    return url.hostname;
-  } catch (error) {
-    console.error('Invalid NEXTAUTH_URL:', urlString, error);
-    console.warn('Using localhost:3000 as fallback');
-    return 'localhost:3000';
-  }
-}
-
-export const authOptions: AuthOptions = {
-  // Configure one or more authentication providers
-  providers: [
-    CredentialsProvider({
-      id: 'farcaster',
-      name: 'Sign in with Farcaster',
-      credentials: {
-        message: {
-          label: 'Message',
-          type: 'text',
-          placeholder: '0x0',
-        },
-        signature: {
-          label: 'Signature',
-          type: 'text',
-          placeholder: '0x0',
-        },
-        nonce: {
-          label: 'Nonce',
-          type: 'text',
-          placeholder: 'Custom nonce (optional)',
-        },
-        // In a production app with a server, these should be fetched from
-        // your Farcaster data indexer rather than have them accepted as part
-        // of credentials.
-        // question: should these natively use the Neynar API?
-        name: {
-          label: 'Name',
-          type: 'text',
-          placeholder: '0x0',
-        },
-        pfp: {
-          label: 'Pfp',
-          type: 'text',
-          placeholder: '0x0',
-        },
-      },
-      async authorize(credentials, req) {
-        const nonce = req?.body?.csrfToken;
-
-        if (!nonce) {
-          console.error('No nonce or CSRF token provided');
-          return null;
-        }
-        const appClient = createAppClient({
-          ethereum: viemConnector(),
-        });
-
-        const domain = getDomainFromUrl(process.env.NEXTAUTH_URL);
-
-        const verifyResponse = await appClient.verifySignInMessage({
-          message: credentials?.message as string,
-          signature: credentials?.signature as `0x${string}`,
-          domain,
-          nonce,
-        });
-
-        const { success, fid } = verifyResponse;
-
-        if (!success) {
-          return null;
-        }
-
-        return {
-          id: fid.toString(),
-          name: credentials?.name || `User ${fid}`,
-          image: credentials?.pfp || null,
-          provider: 'farcaster',
-        };
-      },
-    }),
-    CredentialsProvider({
-      id: 'neynar',
-      name: 'Sign in with Neynar',
-      credentials: {
-        message: {
-          label: 'Message',
-          type: 'text',
-          placeholder: '0x0',
-        },
-        signature: {
-          label: 'Signature',
-          type: 'text',
-          placeholder: '0x0',
-        },
-        nonce: {
-          label: 'Nonce',
-          type: 'text',
-          placeholder: 'Custom nonce (optional)',
-        },
-        fid: {
-          label: 'FID',
-          type: 'text',
-          placeholder: '0',
-        },
-        signers: {
-          label: 'Signers',
-          type: 'text',
-          placeholder: 'JSON string of signers',
-        },
-        user: {
-          label: 'User Data',
-          type: 'text',
-          placeholder: 'JSON string of user data',
-        },
-      },
-      async authorize(credentials) {
-        const nonce = credentials?.nonce;
-
-        if (!nonce) {
-          console.error('No nonce or CSRF token provided for Neynar auth');
-          return null;
-        }
-
-        // For Neynar, we can use a different validation approach
-        // This could involve validating against Neynar's API or using their SDK
-        try {
-          // Validate the signature using Farcaster's auth client (same as Farcaster provider)
-          const appClient = createAppClient({
-            ethereum: viemConnector(),
-          });
-
-          const domain = getDomainFromUrl(process.env.NEXTAUTH_URL);
-
-          const verifyResponse = await appClient.verifySignInMessage({
-            message: credentials?.message as string,
-            signature: credentials?.signature as `0x${string}`,
-            domain,
-            nonce,
-          });
-
-          const { success, fid } = verifyResponse;
-
-          if (!success) {
-            return null;
-          }
-
-          // Validate that the provided FID matches the verified FID
-          if (credentials?.fid && parseInt(credentials.fid) !== fid) {
-            console.error('FID mismatch in Neynar auth');
-            return null;
-          }
-
-          return {
-            id: fid.toString(),
-            provider: 'neynar',
-            signers: credentials?.signers
-              ? JSON.parse(credentials.signers)
-              : undefined,
-            user: credentials?.user ? JSON.parse(credentials.user) : undefined,
-          };
-        } catch (error) {
-          console.error('Error in Neynar auth:', error);
-          return null;
-        }
-      },
-    }),
-  ],
-  callbacks: {
-    session: async ({ session, token }) => {
-      // Set provider at the root level
-      session.provider = token.provider as string;
-
-      if (token.provider === 'farcaster') {
-        // For Farcaster, simple structure
-        session.user = {
-          fid: parseInt(token.sub ?? ''),
-        };
-      } else if (token.provider === 'neynar') {
-        // For Neynar, use full user data structure from user
-        session.user = token.user as typeof session.user;
-        session.signers = token.signers as typeof session.signers;
-      }
-
-      return session;
-    },
-    jwt: async ({ token, user }) => {
-      if (user) {
-        token.provider = user.provider;
-        token.signers = user.signers;
-        token.user = user.user;
-      }
-      return token;
-    },
-  },
-  cookies: {
-    sessionToken: {
-      name: 'next-auth.session-token',
-      options: {
-        httpOnly: true,
-        sameSite: 'none',
-        path: '/',
-        secure: true,
-      },
-    },
-    callbackUrl: {
-      name: 'next-auth.callback-url',
-      options: {
-        sameSite: 'none',
-        path: '/',
-        secure: true,
-      },
-    },
-    csrfToken: {
-      name: 'next-auth.csrf-token',
-      options: {
-        httpOnly: true,
-        sameSite: 'none',
-        path: '/',
-        secure: true,
-      },
-    },
-  },
-};
 
+// Helper function to get session (for server-side compatibility)
 export const getSession = async () => {
-  try {
+  // For QuickAuth, sessions are managed by the SDK
-    return await getServerSession(authOptions);
+  return null;
-  } catch (error) {
-    console.error('Error getting server session:', error);
-    return null;
-  }
 };

src/components/ui/NeynarAuthButton/ProfileButton.tsx

@@ -16,8 +16,14 @@ export function ProfileButton({
 
   useDetectClickOutside(ref, () => setShowDropdown(false));
 
-  const name = userData?.username ?? `!${userData?.fid}`;
+  const name =
-  const pfpUrl = userData?.pfpUrl ?? 'https://farcaster.xyz/avatar.png';
+    userData?.username && userData.username.trim() !== ''
+      ? userData.username
+      : `!${userData?.fid}`;
+  const pfpUrl =
+    userData?.pfpUrl && userData.pfpUrl.trim() !== ''
+      ? userData.pfpUrl
+      : 'https://farcaster.xyz/avatar.png';
 
   return (
     <div className="relative" ref={ref}>

src/components/ui/NeynarAuthButton/index.tsx

@@ -1,20 +1,21 @@
 'use client';
 
 import '@farcaster/auth-kit/styles.css';
-import { useCallback, useEffect, useState, useRef } from 'react';
+import { useSignIn } from '@farcaster/auth-kit';
-import { useSignIn, UseSignInData } from '@farcaster/auth-kit';
+import { useCallback, useEffect, useState } from 'react';
-import sdk, { SignIn as SignInCore } from '@farcaster/frame-sdk';
+import { cn } from '~/lib/utils';
+import { Button } from '~/components/ui/Button';
+import { AuthDialog } from '~/components/ui/NeynarAuthButton/AuthDialog';
+import { ProfileButton } from '~/components/ui/NeynarAuthButton/ProfileButton';
+import { AuthDialog } from '~/components/ui/NeynarAuthButton/AuthDialog';
+import { getItem, removeItem, setItem } from '~/lib/localStorage';
 import { useMiniApp } from '@neynar/react';
 import {
   signIn as backendSignIn,
   signOut as backendSignOut,
   useSession,
 } from 'next-auth/react';
-import { Button } from '~/components/ui/Button';
+import sdk, { SignIn as SignInCore } from '@farcaster/miniapp-sdk';
-import { AuthDialog } from '~/components/ui/NeynarAuthButton/AuthDialog';
-import { ProfileButton } from '~/components/ui/NeynarAuthButton/ProfileButton';
-import { getItem, removeItem, setItem } from '~/lib/localStorage';
-import { cn } from '~/lib/utils';
 
 type User = {
   fid: number;
@@ -112,8 +113,6 @@ export function NeynarAuthButton() {
   );
   const [message, setMessage] = useState<string | null>(null);
   const [signature, setSignature] = useState<string | null>(null);
-  const [isSignerFlowRunning, setIsSignerFlowRunning] = useState(false);
-  const signerFlowStartedRef = useRef(false);
 
   // Determine which flow to use based on context
   const useBackendFlow = context !== undefined;
@@ -141,7 +140,7 @@ export function NeynarAuthButton() {
   const updateSessionWithSigners = useCallback(
     async (
       signers: StoredAuthState['signers'],
-      user: StoredAuthState['user'],
+      _user: StoredAuthState['user'],
     ) => {
       if (!useBackendFlow) return;
 
@@ -164,7 +163,7 @@ export function NeynarAuthButton() {
         console.error('❌ Error updating session with signers:', error);
       }
     },
-    [useBackendFlow, message, signature, nonce],
+    [useBackendFlow, message, signature, nonce]
   );
 
   // Helper function to fetch user data from Neynar API
@@ -291,46 +290,14 @@ export function NeynarAuthButton() {
   // Helper function to poll signer status
   const startPolling = useCallback(
     (signerUuid: string, message: string, signature: string) => {
-      // Clear any existing polling interval before starting a new one
-      if (pollingInterval) {
-        clearInterval(pollingInterval);
-      }
-
-      let retryCount = 0;
-      const maxRetries = 10; // Maximum 10 retries (20 seconds total)
-      const maxPollingTime = 60000; // Maximum 60 seconds of polling
-      const startTime = Date.now();
-
       const interval = setInterval(async () => {
-        // Check if we've been polling too long
-        if (Date.now() - startTime > maxPollingTime) {
-          clearInterval(interval);
-          setPollingInterval(null);
-          return;
-        }
-
         try {
           const response = await fetch(
             `/api/auth/signer?signerUuid=${signerUuid}`,
           );
 
           if (!response.ok) {
-            // Check if it's a rate limit error
+            throw new Error('Failed to poll signer status');
-            if (response.status === 429) {
-              clearInterval(interval);
-              setPollingInterval(null);
-              return;
-            }
-
-            // Increment retry count for other errors
-            retryCount++;
-            if (retryCount >= maxRetries) {
-              clearInterval(interval);
-              setPollingInterval(null);
-              return;
-            }
-
-            throw new Error(`Failed to poll signer status: ${response.status}`);
           }
 
           const signerData = await response.json();
@@ -352,7 +319,7 @@ export function NeynarAuthButton() {
 
       setPollingInterval(interval);
     },
-    [fetchAllSigners, pollingInterval],
+    [fetchAllSigners]
   );
 
   // Cleanup polling on unmount
@@ -361,7 +328,6 @@ export function NeynarAuthButton() {
       if (pollingInterval) {
         clearInterval(pollingInterval);
       }
-      signerFlowStartedRef.current = false;
     };
   }, [pollingInterval]);
 
@@ -396,11 +362,11 @@ export function NeynarAuthButton() {
 
   // Success callback - this is critical!
   const onSuccessCallback = useCallback(
-    async (res: UseSignInData) => {
+    async (res: unknown) => {
       if (!useBackendFlow) {
         // Only handle localStorage for frontend flow
         const existingAuth = getItem<StoredAuthState>(STORAGE_KEY);
-        const user = res.fid ? await fetchUserData(res.fid) : null;
+        const user = await fetchUserData(res.fid);
         const authState: StoredAuthState = {
           ...existingAuth,
           isAuthenticated: true,
@@ -412,7 +378,7 @@ export function NeynarAuthButton() {
       }
       // For backend flow, the session will be handled by NextAuth
     },
-    [useBackendFlow, fetchUserData],
+    [useBackendFlow, fetchUserData]
   );
 
   // Error callback
@@ -443,11 +409,6 @@ export function NeynarAuthButton() {
   useEffect(() => {
     setMessage(data?.message || null);
     setSignature(data?.signature || null);
-
-    // Reset the signer flow flag when message/signature change
-    if (data?.message && data?.signature) {
-      signerFlowStartedRef.current = false;
-    }
   }, [data?.message, data?.signature]);
 
   // Connect for frontend flow when nonce is available
@@ -459,16 +420,8 @@ export function NeynarAuthButton() {
 
   // Handle fetching signers after successful authentication
   useEffect(() => {
-    if (
+    if (message && signature) {
-      message &&
-      signature &&
-      !isSignerFlowRunning &&
-      !signerFlowStartedRef.current
-    ) {
-      signerFlowStartedRef.current = true;
-
       const handleSignerFlow = async () => {
-        setIsSignerFlowRunning(true);
         try {
           const clientContext = context?.client as Record<string, unknown>;
           const isMobileContext =
@@ -484,7 +437,6 @@ export function NeynarAuthButton() {
 
           // First, fetch existing signers
           const signers = await fetchAllSigners(message, signature);
-
           if (useBackendFlow && isMobileContext) setSignersLoading(true);
 
           // Check if no signers exist or if we have empty signers
@@ -505,9 +457,9 @@ export function NeynarAuthButton() {
               setShowDialog(false);
               await sdk.actions.openUrl(
                 signedKeyData.signer_approval_url.replace(
-                  'https://client.farcaster.xyz/deeplinks/signed-key-request',
+                  'https://client.farcaster.xyz/deeplinks/',
-                  'https://farcaster.xyz/~/connect',
+                  'farcaster://'
-                ),
+                )
               );
             } else {
               setShowDialog(true); // Ensure dialog is shown during loading
@@ -529,14 +481,21 @@ export function NeynarAuthButton() {
           setSignersLoading(false);
           setShowDialog(false);
           setSignerApprovalUrl(null);
-        } finally {
-          setIsSignerFlowRunning(false);
         }
       };
 
       handleSignerFlow();
     }
-  }, [message, signature]); // Simplified dependencies
+  }, [
+    message,
+    signature,
+    fetchAllSigners,
+    createSigner,
+    generateSignedKeyRequest,
+    startPolling,
+    context,
+    useBackendFlow,
+  ]);
 
   // Backend flow using NextAuth
   const handleBackendSignIn = useCallback(async () => {
@@ -565,7 +524,7 @@ export function NeynarAuthButton() {
       }
     } catch (e) {
       if (e instanceof SignInCore.RejectedByUser) {
-        console.error('ℹ️ Sign-in rejected by user');
+        console.log('ℹ️ Sign-in rejected by user');
       } else {
         console.error('❌ Backend sign-in error:', e);
       }
@@ -609,9 +568,6 @@ export function NeynarAuthButton() {
         clearInterval(pollingInterval);
         setPollingInterval(null);
       }
-
-      // Reset signer flow flag
-      signerFlowStartedRef.current = false;
     } catch (error) {
       console.error('❌ Error during sign out:', error);
       // Optionally handle error state
@@ -668,7 +624,7 @@ export function NeynarAuthButton() {
             'btn btn-primary flex items-center gap-3',
             'disabled:opacity-50 disabled:cursor-not-allowed',
             'transform transition-all duration-200 active:scale-[0.98]',
-            !url && !useBackendFlow && 'cursor-not-allowed',
+            !url && !useBackendFlow && 'cursor-not-allowed'
           )}
         >
           {!useBackendFlow && !url ? (
@@ -707,4 +663,4 @@ export function NeynarAuthButton() {
       }
     </>
   );
-}
+}

src/components/ui/tabs/ActionsTab.tsx

@@ -5,10 +5,19 @@ import { type Haptics } from '@farcaster/miniapp-sdk';
 import { useMiniApp } from '@neynar/react';
 import { APP_URL } from '~/lib/constants';
 import { Button } from '../Button';
-import { NeynarAuthButton } from '../NeynarAuthButton/index';
 import { ShareButton } from '../Share';
 import { SignIn } from '../wallet/SignIn';
 
+// Optional import for NeynarAuthButton - may not exist in all templates
+let NeynarAuthButton: React.ComponentType | null = null;
+try {
+  const module = require('../NeynarAuthButton/index');
+  NeynarAuthButton = module.NeynarAuthButton;
+} catch (error) {
+  // Component doesn't exist, that's okay
+  console.log('NeynarAuthButton not available in this template');
+}
+
 /**
  * ActionsTab component handles mini app actions like sharing, notifications, and haptic feedback.
  *
@@ -140,7 +149,7 @@ export function ActionsTab() {
       <SignIn />
 
       {/* Neynar Authentication */}
-      <NeynarAuthButton />
+      {NeynarAuthButton && <NeynarAuthButton />}
 
       {/* Mini app actions */}
       <Button

src/components/ui/wallet/SignIn.tsx

@@ -1,22 +1,20 @@
 'use client';
 
 import { useCallback, useState } from 'react';
-import sdk, { SignIn as SignInCore } from '@farcaster/miniapp-sdk';
+import { SignIn as SignInCore } from '@farcaster/miniapp-sdk';
-import { signIn, signOut, getCsrfToken } from 'next-auth/react';
+import { useQuickAuth } from '~/hooks/useQuickAuth';
-import { useSession } from 'next-auth/react';
 import { Button } from '../Button';
 
 /**
- * SignIn component handles Farcaster authentication using Sign-In with Farcaster (SIWF).
+ * SignIn component handles Farcaster authentication using QuickAuth.
  *
  * This component provides a complete authentication flow for Farcaster users:
- * - Generates nonces for secure authentication
+ * - Uses the built-in QuickAuth functionality from the Farcaster SDK
- * - Handles the SIWF flow using the Farcaster SDK
+ * - Manages authentication state in memory (no persistence)
- * - Manages NextAuth session state
  * - Provides sign-out functionality
  * - Displays authentication status and results
  *
- * The component integrates with both the Farcaster Frame SDK and NextAuth
+ * The component integrates with the Farcaster Frame SDK and QuickAuth
  * to provide seamless authentication within mini apps.
  *
  * @example
@@ -36,37 +34,19 @@ export function SignIn() {
     signingIn: false,
     signingOut: false,
   });
-  const [signInResult, setSignInResult] = useState<SignInCore.SignInResult>();
   const [signInFailure, setSignInFailure] = useState<string>();
 
   // --- Hooks ---
-  const { data: session, status } = useSession();
+  const { authenticatedUser, status, signIn, signOut } = useQuickAuth();
 
   // --- Handlers ---
   /**
-   * Generates a nonce for the sign-in process.
+   * Handles the sign-in process using QuickAuth.
    *
-   * This function retrieves a CSRF token from NextAuth to use as a nonce
+   * This function uses the built-in QuickAuth functionality:
-   * for the SIWF authentication flow. The nonce ensures the authentication
+   * 1. Gets a token from QuickAuth (handles SIWF flow automatically)
-   * request is fresh and prevents replay attacks.
+   * 2. Validates the token with our server
-   *
+   * 3. Updates the session state
-   * @returns Promise<string> - The generated nonce token
-   * @throws Error if unable to generate nonce
-   */
-  const getNonce = useCallback(async () => {
-    const nonce = await getCsrfToken();
-    if (!nonce) throw new Error('Unable to generate nonce');
-    return nonce;
-  }, []);
-
-  /**
-   * Handles the sign-in process using Farcaster SDK.
-   *
-   * This function orchestrates the complete SIWF flow:
-   * 1. Generates a nonce for security
-   * 2. Calls the Farcaster SDK to initiate sign-in
-   * 3. Submits the result to NextAuth for session management
-   * 4. Handles various error conditions including user rejection
    *
    * @returns Promise<void>
    */
@@ -74,14 +54,12 @@ export function SignIn() {
     try {
       setAuthState(prev => ({ ...prev, signingIn: true }));
       setSignInFailure(undefined);
-      const nonce = await getNonce();
+
-      const result = await sdk.actions.signIn({ nonce });
+      const success = await signIn();
-      setSignInResult(result);
+
-      await signIn('farcaster', {
+      if (!success) {
-        message: result.message,
+        setSignInFailure('Authentication failed');
-        signature: result.signature,
+      }
-        redirect: false,
-      });
     } catch (e) {
       if (e instanceof SignInCore.RejectedByUser) {
         setSignInFailure('Rejected by user');
@@ -91,52 +69,47 @@ export function SignIn() {
     } finally {
       setAuthState(prev => ({ ...prev, signingIn: false }));
     }
-  }, [getNonce]);
+  }, [signIn]);
 
   /**
    * Handles the sign-out process.
    *
-   * This function clears the NextAuth session only if the current session
+   * This function clears the QuickAuth session and resets the local state.
-   * is using the Farcaster provider, and resets the local sign-in result state.
    *
    * @returns Promise<void>
    */
   const handleSignOut = useCallback(async () => {
     try {
       setAuthState(prev => ({ ...prev, signingOut: true }));
-      // Only sign out if the current session is from Farcaster provider
+      await signOut();
-      if (session?.provider === 'farcaster') {
-        await signOut({ redirect: false });
-      }
-      setSignInResult(undefined);
     } finally {
       setAuthState(prev => ({ ...prev, signingOut: false }));
     }
-  }, [session]);
+  }, [signOut]);
 
   // --- Render ---
   return (
     <>
       {/* Authentication Buttons */}
-      {(status !== 'authenticated' || session?.provider !== 'farcaster') && (
+      {status !== 'authenticated' && (
         <Button onClick={handleSignIn} disabled={authState.signingIn}>
           Sign In with Farcaster
         </Button>
       )}
-      {status === 'authenticated' && session?.provider === 'farcaster' && (
+      {status === 'authenticated' && (
         <Button onClick={handleSignOut} disabled={authState.signingOut}>
           Sign out
         </Button>
       )}
 
       {/* Session Information */}
-      {session && (
+      {authenticatedUser && (
         <div className="my-2 p-2 text-xs overflow-x-scroll bg-gray-100 dark:bg-gray-900 rounded-lg font-mono">
           <div className="font-semibold text-gray-500 dark:text-gray-300 mb-1">
-            Session
+            Authenticated User
           </div>
           <div className="whitespace-pre text-gray-700 dark:text-gray-200">
-            {JSON.stringify(session, null, 2)}
+            {JSON.stringify(authenticatedUser, null, 2)}
           </div>
         </div>
       )}
@@ -145,25 +118,13 @@ export function SignIn() {
       {signInFailure && !authState.signingIn && (
         <div className="my-2 p-2 text-xs overflow-x-scroll bg-gray-100 dark:bg-gray-900 rounded-lg font-mono">
           <div className="font-semibold text-gray-500 dark:text-gray-300 mb-1">
-            SIWF Result
+            Authentication Error
           </div>
           <div className="whitespace-pre text-gray-700 dark:text-gray-200">
             {signInFailure}
           </div>
         </div>
       )}
-
-      {/* Success Result Display */}
-      {signInResult && !authState.signingIn && (
-        <div className="my-2 p-2 text-xs overflow-x-scroll bg-gray-100 dark:bg-gray-900 rounded-lg font-mono">
-          <div className="font-semibold text-gray-500 dark:text-gray-300 mb-1">
-            SIWF Result
-          </div>
-          <div className="whitespace-pre text-gray-700 dark:text-gray-200">
-            {JSON.stringify(signInResult, null, 2)}
-          </div>
-        </div>
-      )}
     </>
   );
 }

src/hooks/useQuickAuth.ts

@@ -0,0 +1,207 @@
+'use client';
+
+import { useState, useEffect, useCallback } from 'react';
+import { sdk } from '@farcaster/miniapp-sdk';
+
+/**
+ * Represents the current authenticated user state
+ */
+interface AuthenticatedUser {
+  /** The user's Farcaster ID (FID) */
+  fid: number;
+}
+
+/**
+ * Possible authentication states for QuickAuth
+ */
+type QuickAuthStatus = 'loading' | 'authenticated' | 'unauthenticated';
+
+/**
+ * Return type for the useQuickAuth hook
+ */
+interface UseQuickAuthReturn {
+  /** Current authenticated user data, or null if not authenticated */
+  authenticatedUser: AuthenticatedUser | null;
+  /** Current authentication status */
+  status: QuickAuthStatus;
+  /** Function to initiate the sign-in process using QuickAuth */
+  signIn: () => Promise<boolean>;
+  /** Function to sign out and clear the current authentication state */
+  signOut: () => Promise<void>;
+  /** Function to retrieve the current authentication token */
+  getToken: () => Promise<string | null>;
+}
+
+/**
+ * Custom hook for managing QuickAuth authentication state
+ *
+ * This hook provides a complete authentication flow using Farcaster's QuickAuth:
+ * - Automatically checks for existing authentication on mount
+ * - Validates tokens with the server-side API
+ * - Manages authentication state in memory (no persistence)
+ * - Provides sign-in/sign-out functionality
+ *
+ * QuickAuth tokens are managed in memory only, so signing out of the Farcaster
+ * client will automatically sign the user out of this mini app as well.
+ *
+ * @returns {UseQuickAuthReturn} Object containing user state and authentication methods
+ *
+ * @example
+ * ```tsx
+ * const { authenticatedUser, status, signIn, signOut } = useQuickAuth();
+ *
+ * if (status === 'loading') return <div>Loading...</div>;
+ * if (status === 'unauthenticated') return <button onClick={signIn}>Sign In</button>;
+ *
+ * return (
+ *   <div>
+ *     <p>Welcome, FID: {authenticatedUser?.fid}</p>
+ *     <button onClick={signOut}>Sign Out</button>
+ *   </div>
+ * );
+ * ```
+ */
+export function useQuickAuth(): UseQuickAuthReturn {
+  // Current authenticated user data
+  const [authenticatedUser, setAuthenticatedUser] =
+    useState<AuthenticatedUser | null>(null);
+  // Current authentication status
+  const [status, setStatus] = useState<QuickAuthStatus>('loading');
+
+  /**
+   * Validates a QuickAuth token with the server-side API
+   *
+   * @param {string} authToken - The JWT token to validate
+   * @returns {Promise<AuthenticatedUser | null>} User data if valid, null otherwise
+   */
+  const validateTokenWithServer = async (
+    authToken: string,
+  ): Promise<AuthenticatedUser | null> => {
+    try {
+      const validationResponse = await fetch('/api/auth/validate', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ token: authToken }),
+      });
+
+      if (validationResponse.ok) {
+        const responseData = await validationResponse.json();
+        return responseData.user;
+      }
+
+      return null;
+    } catch (error) {
+      console.error('Token validation failed:', error);
+      return null;
+    }
+  };
+
+  /**
+   * Checks for existing authentication token and validates it on component mount
+   * This runs automatically when the hook is first used
+   */
+  useEffect(() => {
+    const checkExistingAuthentication = async () => {
+      try {
+        // Attempt to retrieve existing token from QuickAuth SDK
+        const { token } = await sdk.quickAuth.getToken();
+
+        if (token) {
+          // Validate the token with our server-side API
+          const validatedUserSession = await validateTokenWithServer(token);
+
+          if (validatedUserSession) {
+            // Token is valid, set authenticated state
+            setAuthenticatedUser(validatedUserSession);
+            setStatus('authenticated');
+          } else {
+            // Token is invalid or expired, clear authentication state
+            setStatus('unauthenticated');
+          }
+        } else {
+          // No existing token found, user is not authenticated
+          setStatus('unauthenticated');
+        }
+      } catch (error) {
+        console.error('Error checking existing authentication:', error);
+        setStatus('unauthenticated');
+      }
+    };
+
+    checkExistingAuthentication();
+  }, []);
+
+  /**
+   * Initiates the QuickAuth sign-in process
+   *
+   * Uses sdk.quickAuth.getToken() to get a QuickAuth session token.
+   * If there is already a session token in memory that hasn't expired,
+   * it will be immediately returned, otherwise a fresh one will be acquired.
+   *
+   * @returns {Promise<boolean>} True if sign-in was successful, false otherwise
+   */
+  const signIn = useCallback(async (): Promise<boolean> => {
+    try {
+      setStatus('loading');
+
+      // Get QuickAuth session token
+      const { token } = await sdk.quickAuth.getToken();
+
+      if (token) {
+        // Validate the token with our server-side API
+        const validatedUserSession = await validateTokenWithServer(token);
+
+        if (validatedUserSession) {
+          // Authentication successful, update user state
+          setAuthenticatedUser(validatedUserSession);
+          setStatus('authenticated');
+          return true;
+        }
+      }
+
+      // Authentication failed, clear user state
+      setStatus('unauthenticated');
+      return false;
+    } catch (error) {
+      console.error('Sign-in process failed:', error);
+      setStatus('unauthenticated');
+      return false;
+    }
+  }, []);
+
+  /**
+   * Signs out the current user and clears the authentication state
+   *
+   * Since QuickAuth tokens are managed in memory only, this simply clears
+   * the local user state. The actual token will be cleared when the
+   * user signs out of their Farcaster client.
+   */
+  const signOut = useCallback(async (): Promise<void> => {
+    // Clear local user state
+    setAuthenticatedUser(null);
+    setStatus('unauthenticated');
+  }, []);
+
+  /**
+   * Retrieves the current authentication token from QuickAuth
+   *
+   * @returns {Promise<string | null>} The current auth token, or null if not authenticated
+   */
+  const getToken = useCallback(async (): Promise<string | null> => {
+    try {
+      const { token } = await sdk.quickAuth.getToken();
+      return token;
+    } catch (error) {
+      console.error('Failed to retrieve authentication token:', error);
+      return null;
+    }
+  }, []);
+
+  return {
+    authenticatedUser,
+    status,
+    signIn,
+    signOut,
+    getToken,
+  };
+}