Log in using a JWT

You can use a JWT endpoint to seamlessly log users into a portal from your app.

Prerequisites

  1. Configure an OIDC identity provider .

    It doesn't have to be a real identity provider but it should implement jwks_uri. Example minimal OIDC config:

    Copy
    Copied
    {
     "response_types_supported": [
       "token id_token"
     ],
     "jwks_uri": "https://example.com/.well-known/jwks.json",
     "issuer": "https://example.com/auth"
    }
  2. Enable OIDC auth for the portal

    In the portal access settings enable OIDC auth. If your portal is public, then select Allow login with OIDC.

Login flow

Sign a JWT ID token and redirect the user to the following URL:

https://<your-portal-url>/_auth/oidc#id_token=<id-token>

Replace your-portal-url with the deployment URL of your portal (it can also be a custom domain) and id-token with the token generated.

Requirements for the token:

  • The issuer field MUST match the one configured in IdP settings.
  • The token MUST have both email and sub claims.
  • The alg MUST be RS256 .