diff --git a/advanced/user-auth/jwt.mdx b/advanced/user-auth/jwt.mdx index bbe24d8c0..1543ee527 100644 --- a/advanced/user-auth/jwt.mdx +++ b/advanced/user-auth/jwt.mdx @@ -15,7 +15,7 @@ If you don’t have a dashboard, or if you want to keep your dashboard and docs Create a login flow that does the following: - Authenticate the user - Create a JWT containing the authenticated user's info in the [UserInfo](./sending-data) format - - Sign the JWT with the secret + - Sign the JWT with the secret, using the ES256 algorithm - Create a redirect URL back to your docs, including the JWT as the hash 
@@ -25,11 +25,48 @@ If you don’t have a dashboard, or if you want to keep your dashboard and docs ## Example -I want to set up authentication for my docs hosted at `docs.foo.com`. I want my docs to be completely separate from my dashboard (or I don’t have a dashboard at all). +I want to set up authentication for my docs hosted at `docs.foo.com`. I want my docs +to be completely separate from my dashboard (or I don’t have a dashboard at all). -To set up authentication with Mintlify, I go to my Mintlify dashboard and generate a JWT secret. I create a web URL `https://foo.com/docs-login` that initiates a login flow for my users. At the end of this login flow, once I have verified the identity of the user, I create a JWT containing the user’s custom data according to Mintlify’s specification. I sign this JWT with my Mintlify secret, create a redirect URL of the form `https://docs.foo.com#{SIGNED_JWT}`, and redirect the user. +To set up authentication with Mintlify, I go to my Mintlify dashboard and generate a +JWT secret. I create a web URL `https://foo.com/docs-login` that initiates a login flow +for my users. At the end of this login flow, once I have verified the identity of the user, +I create a JWT containing the user’s custom data according to Mintlify’s specification. +I use a JWT library to sign this JWT with my Mintlify secret, create a redirect URL of the +form `https://docs.foo.com#{SIGNED_JWT}`, and redirect the user. -I then go to the Mintlify dashboard settings and enter `https://foo.com/docs-login` for the Login URL field. +I then go to the Mintlify dashboard settings and enter `https://foo.com/docs-login` for the +Login URL field. 
+ +Here's what the code might look like: + +```ts +import * as jose from 'jose'; +import { Request, Response } from 'express'; + +const TWO_WEEKS_IN_MS = 1000 * 60 * 60 * 24 * 7 * 2; + +const signingKey = await jose.importPKCS8(process.env.MINTLIFY_PRIVATE_KEY, 'ES256'); + +export async function handleRequest(req: Request, res: Response) { + const userInfo = { + expiresAt: Math.floor((Date.now() + TWO_WEEKS_IN_MS) / 1000), + groups: res.locals.user.groups, + content: { + firstName: res.locals.user.firstName, + lastName: res.locals.user.lastName, + }, + }; + + const jwt = await new jose.SignJWT(userInfo) + .setProtectedHeader({ alg: 'ES256' }) + .setExpirationTime('10 s') + .sign(signingKey); + + return res.redirect(`https://docs.foo.com#${jwt}`); +} + +``` ## Preserving Anchors
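Review bot: the first hunk's new bullet "Sign the JWT with the secret, using the ES256 algorithm" mixes up key types: ES256 is ECDSA over P-256, so the token is signed with a private key, not a shared secret, which is exactly what the example in the second hunk does with `jose.importPKCS8(process.env.MINTLIFY_PRIVATE_KEY, 'ES256')`. Suggest wording it "Sign the JWT with your private key, using the ES256 algorithm" so a reader does not try to feed the dashboard-issued key into an HS256 signer.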
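Review bot: in the added `ts` block, `.setExpirationTime('10 s')` puts a ten-second `exp` claim on the token while the payload's own `expiresAt` is computed two weeks out from `TWO_WEEKS_IN_MS`, and neither the code nor the prose says which value governs what; add a comment on each line stating its purpose, since a reader copying this will otherwise "fix" one to match the other. Two smaller points in the same block: `process.env.MINTLIFY_PRIVATE_KEY` is typed `string | undefined`, so `importPKCS8(...)` fails to compile under `strict` until it is guarded (e.g. throw at startup when the variable is unset), and the top-level `await` on `signingKey` only works in an ESM module, which is worth a sentence. Finally, the rewritten prose still says "generate a JWT secret" and "sign this JWT with my Mintlify secret" while the code reads `MINTLIFY_PRIVATE_KEY`; pick one term, and drop the blank line before the closing fence.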