diff --git a/server/handlers.go b/server/handlers.go
index 67ecf81aae..c3351bdaa4 100755
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -282,6 +282,86 @@ func (s *Server) handleVerify(w http.ResponseWriter, r *http.Request) {
 	}{redirectURL})
 }
 
+func (s *Server) handleVerifyDirect(w http.ResponseWriter, r *http.Request) {
+	var verifyReq struct {
+		Signed string `json:"signed"`
+		State  string `json:"state"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&verifyReq); err != nil {
+		s.renderErrorJSON(w, http.StatusBadRequest, "Could not parse request body JSON.")
+		return
+	}
+
+	authReq, err := s.storage.GetAuthRequest(verifyReq.State)
+	if err != nil {
+		s.renderErrorJSON(w, http.StatusBadRequest, "Requested resource does not exist.")
+		return
+	}
+
+	var data web3ConnectorData
+	json.Unmarshal(authReq.ConnectorData, &data)
+
+	conn, err := s.getConnector(authReq.ConnectorID)
+	if err != nil {
+		s.renderErrorJSON(w, http.StatusInternalServerError, "Requested resource does not exist.")
+		return
+	}
+
+	w3Conn, ok := conn.Connector.(connector.Web3Connector)
+	if !ok {
+		s.renderErrorJSON(w, http.StatusInternalServerError, "Requested resource does not exist.")
+		return
+	}
+
+	identity, err := w3Conn.Verify(data.Address, data.Nonce, verifyReq.Signed)
+	if err != nil {
+		s.renderErrorJSON(w, http.StatusBadRequest, "Could not verify signature.")
+		return
+	}
+
+	_, err = s.finalizeLogin(identity, authReq, conn)
+	if err != nil {
+		s.renderErrorJSON(w, http.StatusInternalServerError, "Login failure.")
+	}
+
+	if s.now().After(authReq.Expiry) {
+		s.renderErrorJSON(w, http.StatusBadRequest, "User session has expired.")
+		return
+	}
+
+	if err := s.storage.DeleteAuthRequest(authReq.ID); err != nil {
+		if err != storage.ErrNotFound {
+			s.logger.Errorf("Failed to delete authorization request: %v", err)
+			s.renderErrorJSON(w, http.StatusInternalServerError, "Internal server error.")
+		} else {
+			s.renderErrorJSON(w, http.StatusBadRequest, "User session error.")
+		}
+		return
+	}
+
+	code := storage.AuthCode{
+		ID:            storage.NewID(),
+		ClientID:      authReq.ClientID,
+		ConnectorID:   authReq.ConnectorID,
+		Nonce:         authReq.Nonce,
+		Scopes:        authReq.Scopes,
+		Claims:        authReq.Claims,
+		Expiry:        s.now().Add(time.Minute * 30),
+		RedirectURI:   authReq.RedirectURI,
+		ConnectorData: authReq.ConnectorData,
+		PKCE:          authReq.PKCE,
+	}
+	if err := s.storage.CreateAuthCode(code); err != nil {
+		s.logger.Errorf("Failed to create auth code: %v", err)
+		s.renderError(r, w, http.StatusInternalServerError, "Internal server error.")
+		return
+	}
+
+	s.renderJSON(w, struct {
+		Redirect string `json:"code"`
+	}{code.ID})
+}
+
 func (s *Server) handleCreateAuthorizationRequest(w http.ResponseWriter, r *http.Request) {
 	authReq, err := s.parseAuthorizationRequest(r)
 	if err != nil {
diff --git a/server/server.go b/server/server.go
index f2de0f3f0e..c519837eff 100755
--- a/server/server.go
+++ b/server/server.go
@@ -355,6 +355,7 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
 	handleFunc("/auth/{connector}/login", s.handlePasswordLogin)
 	handleWithCORS("/auth/{connector}/challenge", s.handleChallenge)
 	handleWithCORS("/auth/{connector}/verify", s.handleVerify)
+	handleWithCORS("/auth/{connector}/verify_direct", s.handleVerifyDirect)
 	handleWithCORS("/auth/{connector}/init", s.handleCreateAuthorizationRequest)
 	handleFunc("/device", s.handleDeviceExchange)
 	handleFunc("/device/auth/verify_code", s.verifyUserCode)
diff --git a/storage/ent/db/authcode_create.go b/storage/ent/db/authcode_create.go
index eaf2f8ac5e..b2bfe574f4 100644
--- a/storage/ent/db/authcode_create.go
+++ b/storage/ent/db/authcode_create.go
@@ -314,6 +314,9 @@ func (acc *AuthCodeCreate) sqlSave(ctx context.Context) (*AuthCode, error) {
 		}
 		return nil, err
 	}
+	if _spec.ID.Value != nil {
+		_node.ID = _spec.ID.Value.(string)
+	}
 	return _node, nil
 }
 
diff --git a/storage/ent/db/authrequest_create.go b/storage/ent/db/authrequest_create.go
index 3e96b28480..9a6c2e5713 100644
--- a/storage/ent/db/authrequest_create.go
+++ b/storage/ent/db/authrequest_create.go
@@ -312,6 +312,9 @@ func (arc *AuthRequestCreate) sqlSave(ctx context.Context) (*AuthRequest, error)
 		}
 		return nil, err
 	}
+	if _spec.ID.Value != nil {
+		_node.ID = _spec.ID.Value.(string)
+	}
 	return _node, nil
 }
 
diff --git a/storage/ent/db/connector_create.go b/storage/ent/db/connector_create.go
index 387231b98e..00be7bf3f1 100644
--- a/storage/ent/db/connector_create.go
+++ b/storage/ent/db/connector_create.go
@@ -157,6 +157,9 @@ func (cc *ConnectorCreate) sqlSave(ctx context.Context) (*Connector, error) {
 		}
 		return nil, err
 	}
+	if _spec.ID.Value != nil {
+		_node.ID = _spec.ID.Value.(string)
+	}
 	return _node, nil
 }
 
diff --git a/storage/ent/db/keys_create.go b/storage/ent/db/keys_create.go
index 18e58f8b2f..4c11ca3eea 100644
--- a/storage/ent/db/keys_create.go
+++ b/storage/ent/db/keys_create.go
@@ -150,6 +150,9 @@ func (kc *KeysCreate) sqlSave(ctx context.Context) (*Keys, error) {
 		}
 		return nil, err
 	}
+	if _spec.ID.Value != nil {
+		_node.ID = _spec.ID.Value.(string)
+	}
 	return _node, nil
 }
 
diff --git a/storage/ent/db/oauth2client_create.go b/storage/ent/db/oauth2client_create.go
index b141352b26..691962bd67 100644
--- a/storage/ent/db/oauth2client_create.go
+++ b/storage/ent/db/oauth2client_create.go
@@ -174,6 +174,9 @@ func (oc *OAuth2ClientCreate) sqlSave(ctx context.Context) (*OAuth2Client, error
 		}
 		return nil, err
 	}
+	if _spec.ID.Value != nil {
+		_node.ID = _spec.ID.Value.(string)
+	}
 	return _node, nil
 }
 
diff --git a/storage/ent/db/offlinesession_create.go b/storage/ent/db/offlinesession_create.go
index add3912a5b..bd0c4f1c78 100644
--- a/storage/ent/db/offlinesession_create.go
+++ b/storage/ent/db/offlinesession_create.go
@@ -154,6 +154,9 @@ func (osc *OfflineSessionCreate) sqlSave(ctx context.Context) (*OfflineSession,
 		}
 		return nil, err
 	}
+	if _spec.ID.Value != nil {
+		_node.ID = _spec.ID.Value.(string)
+	}
 	return _node, nil
 }
 
diff --git a/storage/ent/db/refreshtoken_create.go b/storage/ent/db/refreshtoken_create.go
index 00d29775d5..43cb71a7ac 100644
--- a/storage/ent/db/refreshtoken_create.go
+++ b/storage/ent/db/refreshtoken_create.go
@@ -333,6 +333,9 @@ func (rtc *RefreshTokenCreate) sqlSave(ctx context.Context) (*RefreshToken, erro
 		}
 		return nil, err
 	}
+	if _spec.ID.Value != nil {
+		_node.ID = _spec.ID.Value.(string)
+	}
 	return _node, nil
 }
 
diff --git a/storage/ent/db/runtime/runtime.go b/storage/ent/db/runtime/runtime.go
index b52d54b64a..f7ad5132c2 100644
--- a/storage/ent/db/runtime/runtime.go
+++ b/storage/ent/db/runtime/runtime.go
@@ -5,6 +5,6 @@ package runtime
 // The schema-stitching logic is generated in github.com/dexidp/dex/storage/ent/db/runtime.go
 
 const (
-	Version = "v0.9.0"                                          // Version of ent codegen.
-	Sum     = "h1:2S1zfpMMW6p+wctj6kcYUprNPNjLWFW06T5MdyAfmWc=" // Sum of ent codegen.
+	Version = "v0.9.1"                                          // Version of ent codegen.
+	Sum     = "h1:IG8andyeD79GG24U8Q+1Y45hQXj6gY5evSBcva5gtBk=" // Sum of ent codegen.
 )