Last updated

Log in using a JWT

No new signups

Looking for Realm documentation? These documentation are for our old developer portal. Realm users should contact their account manager for details of the early access documentation.

You can use a JWT endpoint to seamlessly log users into a portal from your app.


  1. Configure an OIDC identity provider.

    It doesn't have to be a real identity provider but it should implement jwks_uri. Example minimal OIDC config:

      "response_types_supported": [
        "token id_token"
      "jwks_uri": "",
      "issuer": ""
  2. Enable OIDC auth for the portal

    In the portal access settings enable OIDC auth. If your portal is public, then select Allow login with OIDC.

Login flow

Sign a JWT ID token and redirect the user to the following URL:


Replace your-portal-url with the deployment URL of your portal (it can also be a custom domain) and id-token with the token generated.

Requirements for the token:

  • The issuer field MUST match the one configured in IdP settings.
  • The token MUST have both email and sub claims.
  • The alg MUST be RS256.