Last updated

Log in using a JWT

You can use a JWT endpoint to seamlessly log users into a portal from your app.


  1. Configure an OIDC identity provider.

    It doesn't have to be a real identity provider but it should implement jwks_uri. Example minimal OIDC config:

      "response_types_supported": [
        "token id_token"
      "jwks_uri": "",
      "issuer": ""
  2. Enable OIDC auth for the portal

    In the portal access settings enable OIDC auth. If your portal is public, then select Allow login with OIDC.

Login flow

Sign a JWT ID token and redirect the user to the following URL:


Replace your-portal-url with the deployment URL of your portal (it can also be a custom domain) and id-token with the token generated.

Requirements for the token:

  • The issuer field MUST match the one configured in IdP settings.
  • The token MUST have both email and sub claims.
  • The alg MUST be RS256.