Log in using a JWT

You can use a JWT endpoint to seamlessly log users into a portal from your app.


  1. Configure an OIDC identity provider .

    It doesn't have to be a real identity provider but it should implement jwks_uri. Example minimal OIDC config:

     "response_types_supported": [
       "token id_token"
     "jwks_uri": "https://example.com/.well-known/jwks.json",
     "issuer": "https://example.com/auth"
  2. Enable OIDC auth for the portal

    In the portal access settings enable OIDC auth. If your portal is public, then select Allow login with OIDC.

Login flow

Sign a JWT ID token and redirect the user to the following URL:


Replace your-portal-url with the deployment URL of your portal (it can also be a custom domain) and id-token with the token generated.

Requirements for the token:

  • The issuer field MUST match the one configured in IdP settings.
  • The token MUST have both email and sub claims.
  • The alg MUST be RS256 .