docs: jwt signing example (#268)

rpmccarter · mayankshouche · web-flow · commit 431396c6da05 · 2024-09-05T16:21:58.000-07:00
* add jwt example

* update code snippet to match recommendation

* Update advanced/user-auth/jwt.mdx

Co-authored-by: Mayank Shouche &lt;43075711+mayankshouche@users.noreply.github.com&gt;

---------

Co-authored-by: Mayank Shouche &lt;43075711+mayankshouche@users.noreply.github.com&gt;
diff --git a/advanced/user-auth/jwt.mdx b/advanced/user-auth/jwt.mdx
@@ -15,7 +15,7 @@ If you don’t have a dashboard, or if you want to keep your dashboard and docs
     Create a login flow that does the following:
     - Authenticate the user
     - Create a JWT containing the authenticated user's info in the [UserInfo](./sending-data) format
-    - Sign the JWT with the secret
+    - Sign the JWT with the secret, using the ES256 algorithm
     - Create a redirect URL back to your docs, including the JWT as the hash
   </Step>
   <Step title="Configure your User Auth settings">
@@ -25,11 +25,48 @@ If you don’t have a dashboard, or if you want to keep your dashboard and docs
 
 ## Example
 
-I want to set up authentication for my docs hosted at `docs.foo.com`. I want my docs to be completely separate from my dashboard (or I don’t have a dashboard at all).
+I want to set up authentication for my docs hosted at `docs.foo.com`. I want my docs
+to be completely separate from my dashboard (or I don’t have a dashboard at all).
 
-To set up authentication with Mintlify, I go to my Mintlify dashboard and generate a JWT secret. I create a web URL `https://foo.com/docs-login` that initiates a login flow for my users. At the end of this login flow, once I have verified the identity of the user, I create a JWT containing the user’s custom data according to Mintlify’s specification. I sign this JWT with my Mintlify secret, create a redirect URL of the form `https://docs.foo.com#{SIGNED_JWT}`, and redirect the user.
+To set up authentication with Mintlify, I go to my Mintlify dashboard and generate a
+JWT secret. I create a web URL `https://foo.com/docs-login` that initiates a login flow
+for my users. At the end of this login flow, once I have verified the identity of the user,
+I create a JWT containing the user’s custom data according to Mintlify’s specification.
+I use a JWT library to sign this JWT with my Mintlify secret, create a redirect URL of the
+form `https://docs.foo.com#{SIGNED_JWT}`, and redirect the user.
 
-I then go to the Mintlify dashboard settings and enter `https://foo.com/docs-login` for the Login URL field.
+I then go to the Mintlify dashboard settings and enter `https://foo.com/docs-login` for the
+Login URL field.
+
+Here's what the code might look like:
+
+```ts
+import * as jose from 'jose';
+import { Request, Response } from 'express';
+
+const TWO_WEEKS_IN_MS = 1000 * 60 * 60 * 24 * 7 * 2;
+
+const signingKey = await jose.importPKCS8(process.env.MINTLIFY_PRIVATE_KEY, 'ES256');
+
+export async function handleRequest(req: Request, res: Response) {
+  const userInfo = {
+    expiresAt: Math.floor((Date.now() + TWO_WEEKS_IN_MS) / 1000),
+    groups: res.locals.user.groups,
+    content: {
+      firstName: res.locals.user.firstName,
+      lastName: res.locals.user.lastName,
+    },
+  };
+
+  const jwt = await new jose.SignJWT(userInfo)
+    .setProtectedHeader({ alg: 'ES256' })
+    .setExpirationTime('10 s')
+    .sign(signingKey);
+
+  return res.redirect(`https://docs.foo.com#${jwt}`);
+}
+
+```
 
 ## Preserving Anchors
 
