Lee Wyatt Corp · One Account

Sign in with WyConnect

WyConnect is the single login behind every Lee Wyatt Corp product. One account, one button, the same identity everywhere — from WyRemover to Jobbr to AddyDaddy. Add it to a Lee Wyatt Corp app in minutes, or hand the prompt below to your AI agent and let it wire everything up.

↑ a real, live WyConnect button

Live and working today for Lee Wyatt Corp products. Each app's web address is added to a security allowlist, then the button just works — same accounts, same profiles, everywhere.

Outside sites: for security, WyConnect only sends sessions to web addresses we've approved. If you want WyConnect on a site that isn't a Lee Wyatt Corp product, email brandon@leewyattcorp.com and we'll add your address. A fully self-serve, open "Sign in with WyConnect" for any third party (OAuth2/OIDC) is on the roadmap, not live yet.

What WyConnect handles vs. what your app handles

WyConnect gives you a verified identity. Your app owns everything else.

WyConnect handles

Sign-in & sign-out
Account identity & user ID
Session tokens
Email / password & recovery
Shared profile (name, avatar)
Connected logins (Discord)
Delete-your-account

Your app handles

App-specific profiles
Orders & payments
Settings & preferences
Roles & permissions
Game data & saves
Saved content & history

Add it yourself in 3 steps

Get your site approved. If it's a Lee Wyatt Corp product it's already covered; otherwise email us your exact web address to allowlist.
Drop in the button. Paste the snippet below where you want the login to appear.
Verify on your server. Send the user's token to your backend and confirm it before you trust them — copy the ready-made helper from https://leewyattcorp.com/connect/verify/ (Node or Python, no secret keys).

Drop-in code

<link rel="stylesheet" href="https://leewyattcorp.com/connect/wyconnect.css">
<script src="https://leewyattcorp.com/connect/wyconnect.js"></script>
<div id="wy-btn"></div>
<script>
  WyConnect.init({ appId: "my-app", appName: "My App" });
  WyConnect.renderButton("#wy-btn");
  WyConnect.onChange(function (session) {
    if (session) {
      // session.user.email, session.user.id, session.access_token
      // send session.access_token to your backend to verify it
    }
  });
</script>

Use a unique appId per product. Full docs & server verify helpers: https://leewyattcorp.com/connect/README.md · working demo: https://leewyattcorp.com/connect/example/

Backend checklist

Every app that uses WyConnect must verify tokens server-side. These are not optional.

Read Authorization: Bearer <token> from every protected request
Verify the token using the official helper — never skip this step
Reject any request with an invalid or expired token
Use the verified user.id as your account key — not the email
Never put a Supabase service-role key in browser code

Copy the verifier: https://leewyattcorp.com/connect/verify/ (verify-token.js for Node, verify_token.py for Python).

Or just give this to your AI agent

Building with Cursor, Claude, Codex, Copilot, or any coding AI? Copy this prompt, paste it in, and your agent has everything it needs to add "Sign in with WyConnect" correctly.

Add "Sign in with WyConnect" (the Lee Wyatt Corp shared login) to this project.

Use the official drop-in SDK, do not roll your own auth:

1. In the HTML where the login button should appear, add:
   <link rel="stylesheet" href="https://leewyattcorp.com/connect/wyconnect.css">
   <script src="https://leewyattcorp.com/connect/wyconnect.js"></script>
   <div id="wy-btn"></div>
   <script>
     WyConnect.init({ appId: "REPLACE-with-unique-app-id", appName: "REPLACE-with-app-name" });
     WyConnect.renderButton("#wy-btn");
     WyConnect.onChange(function (session) {
       if (session) {
         // session.user.id is the user's Lee Wyatt Corp account id.
         // session.user.email, session.access_token are also available.
         // Send session.access_token to the backend as: Authorization: Bearer <token>
       } else {
         // signed out
       }
     });
   </script>

2. On the backend, NEVER trust the token without verifying it. Copy the official
   verifier from https://leewyattcorp.com/connect/verify/ (verify-token.js for
   Node, or verify_token.py for Python). It uses only the public anon key, no
   secret/service-role key. Reject the request if verification fails.

3. Key any per-user data in this app by the verified Lee Wyatt Corp user id —
   not by email. Each app stores its own app-specific data (orders, settings,
   game data, etc.) separately from WyConnect's shared profile fields.

4. The site's exact origin (e.g. https://mysite.com) must be on the WyConnect
   allowlist or the popup will refuse to return a session. If it's not a Lee
   Wyatt Corp product, tell me to email brandon@leewyattcorp.com to get the
   origin approved.

Full reference: https://leewyattcorp.com/connect/README.md
Do not invent endpoints or store passwords — WyConnect handles all of that.

The prompt tells your agent to verify tokens server-side and to ask you to get the site approved — no fake "works everywhere" shortcuts.

Why one login

One account across every Lee Wyatt Corp product — sign in once, you're known everywhere.
Shared profile fields like name and avatar can come from WyConnect. Each app stores its own app-specific data using the verified Lee Wyatt Corp user ID, with row-level security where applicable.
No passwords ever touch your app — WyConnect handles sign-in, recovery, and email/password securely.
Delete-your-account is built in. Connected logins (Discord) are live and supported across Lee Wyatt Corp products.