useExternalAuth
, to allow sign-in or linking with an external 3rd party JWT by exchanging it for a Dynamic JWT. This will return Dynamic’s standard sign-in artifacts (ie, minified JWT and user).
At a high level, this will do the following steps:
iss
(issuer) JWT claim. If the value of this field deviates from that is provided in the project environment’s configuration, we will reject the JWT.sub
(subject, or user ID) field be provided. These will correspond to the your user ID. These will be mapped to the similar user model in Dynamic.exp
(expires at) JWT claim from external JWT. Dynamic will ensure that this exp
claim is respected with timeouts on the SDK.externalAuth
, letting us know that the user has an external authentication mechanism they used to verify their account. This should have externalUserId
with the value of the JWT’s sub
.iss
(required): Standard JWT claim for the “issuer” of the JWT. This should be the entity that issued the token. This is typically a URL, but can be a valid constant string.jwksUrl
(required): This is a publicly-accessible URL that returns the JWT’s signer public key in the standard JWKS format. This is used to verify the signatures of your JWTs.aud
(optional): Standard JWT claim for the “audience” of the JWT. This should be the intended recipient of the token. This is typically a URL, but can be a valid constant string.cookieName
(optional): For clients that use cookie-based authentication for their 3rd party auth and who have no acccess to the raw JWT on the frontend, we provide a way for clients to specify the cookie name to expect the JWT to be stored.signInWithExternalJwt
method from the useExternalAuth
hook.