One button. Every Cube user.

Add a Google-style sign-in button to any website. You get a verified email and a wallet address — without ever touching a key or a password.

Try it live

These are real buttons rendered by the SDK on this page.

Quickstart

Two tags. Works on any site, any framework — same shape as the Google Identity Services API.

<script src="https://YOUR-CUBE-HOST/cubemail-signin.js" async></script>
<div id="cubemailButton"></div>
<script>
  window.onload = function () {
    cubemail.accounts.id.initialize({
      callback: function (response) {
        // response.credential -> id_token (JWT). Verify it on YOUR server.
        // response.profile    -> { email, handle, display_name, wallet_address }
        fetch('/your-api/session', {
          method: 'POST',
          headers: { 'Content-Type': 'application/json' },
          body: JSON.stringify({ credential: response.credential }),
        });
      },
    });
    cubemail.accounts.id.renderButton(
      document.getElementById('cubemailButton'),
      { theme: 'outline', size: 'large', text: 'continue_with' }
    );
  };
</script>

Verify on your server

The credential is a signed JWT. Never trust it client-side — verify it first:

// On your server — verify the credential before trusting it:
const res = await fetch('https://YOUR-CUBE-HOST/api/cubemail/oauth/verify', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    id_token: credential,
    audience: 'https://your-site.example',   // your web origin
  }),
});
const { valid, profile } = await res.json();
// valid === true  ->  profile.email / profile.wallet_address are authentic

Redirect flow (no popup)

Prefer a full-page redirect with a server-side code exchange? Same button, one option:

// No-popup flow (server-side exchange):
cubemail.accounts.id.signIn({
  ux_mode: 'redirect',
  redirect_uri: 'https://your-site.example/auth/callback',
});
// You'll receive  GET /auth/callback?code=...&state=...
// Exchange the single-use code from your server:
//   POST https://YOUR-CUBE-HOST/api/cubemail/oauth/exchange
//   { "code": "...", "origin": "https://your-site.example" }
//   -> { id_token, profile }

Button options

Option	Values	Default
theme	outline · filled · dark	outline
size	large · medium · small	large
text	continue_with · signin_with · signup_with	continue_with
shape	pill · rectangular	pill
width	any px value	auto
ux_mode	popup · redirect	popup

Security model: codes are single-use, expire in 2 minutes, and are bound to your exact web origin. The popup result is delivered by targeted postMessage, and the credential audience is your origin — a token issued for another site fails verification on yours.