From 237cb37a11a00ae3836859838f2348380d668e61 Mon Sep 17 00:00:00 2001
From: Ronan McCarter <63772591+rpmccarter@users.noreply.github.com>
Date: Thu, 5 Sep 2024 16:12:44 -0700
Subject: [PATCH 1/3] add jwt example
---
 advanced/user-auth/jwt.mdx | 45 ++++++++++++++++++++++++++++++++++----
 1 file changed, 41 insertions(+), 4 deletions(-)
diff --git a/advanced/user-auth/jwt.mdx b/advanced/user-auth/jwt.mdx
index bbe24d8c0..c4f4c9374 100644
--- a/advanced/user-auth/jwt.mdx
+++ b/advanced/user-auth/jwt.mdx
@@ -15,7 +15,7 @@ If you don’t have a dashboard, or if you want to keep your dashboard and docs Create a login flow that does the following: - Authenticate the user - Create a JWT containing the authenticated user's info in the [UserInfo](./sending-data) format - Sign the JWT with the secret, using the ES256 algorithm - Create a redirect URL back to your docs, including the JWT as the hash
@@ -25,11 +25,48 @@ If you don’t have a dashboard, or if you want to keep your dashboard and docs
 ## Example
-I want to set up authentication for my docs hosted at `docs.foo.com`. I want my docs to be completely separate from my dashboard (or I don’t have a dashboard at all).
+I want to set up authentication for my docs hosted at `docs.foo.com`. I want my docs
+to be completely separate from my dashboard (or I don’t have a dashboard at all).
-To set up authentication with Mintlify, I go to my Mintlify dashboard and generate a JWT secret. I create a web URL `https://foo.com/docs-login` that initiates a login flow for my users. At the end of this login flow, once I have verified the identity of the user, I create a JWT containing the user’s custom data according to Mintlify’s specification. I sign this JWT with my Mintlify secret, create a redirect URL of the form `https://docs.foo.com#{SIGNED_JWT}`, and redirect the user.
+To set up authentication with Mintlify, I go to my Mintlify dashboard and generate a
+JWT secret. I create a web URL `https://foo.com/docs-login` that initiates a login flow
+for my users. At the end of this login flow, once I have verified the identity of the user,
+I create a JWT containing the user’s custom data according to Mintlify’s specification.
+I use a JWT library to sign this JWT with my Mintlify secret, create a redirect URL of the
+form `https://docs.foo.com#{SIGNED_JWT}`, and redirect the user.
-I then go to the Mintlify dashboard settings and enter `https://foo.com/docs-login` for the Login URL field.
+I then go to the Mintlify dashboard settings and enter `https://foo.com/docs-login` for the
+Login URL field.
+
+Here's what the code might look like:
+
+```ts
+import * as jose from 'jose';
+import { Request, Response } from 'express';
+
+const TWO_WEEKS_IN_MS = 1000 * 60 * 60 * 24 * 7 * 2;
+
+const signingKey = await jose.importPKCS8(process.env.MINTLIFY_PRIVATE_KEY, 'ES256');
+
+export async function handleRequest(req: Request, res: Response) {
+ const userInfo = {
+ expiresAt: Math.floor((Date.now() + TWO_WEEKS_IN_MS) / 1000),
+ groups: res.locals.user.groups,
+ content: {
+ firstName: res.locals.user.firstName,
+ lastName: res.locals.user.lastName,
+ },
+ };
+
+ const jwt = await new jose.SignJWT(userInfo)
+ .setProtectedHeader({ alg: 'ES256' })
+ .setExpirationTime('30 s')
+ .sign(signingKey);
+
+ return res.redirect(`https://ronantest.mintlify.review#${jwt}`);
+}
+
+```
 ## Preserving Anchors
From 49be298783e2a598b0f67624ef6bd86faf324717 Mon Sep 17 00:00:00 2001
From: Ronan McCarter <63772591+rpmccarter@users.noreply.github.com>
Date: Thu, 5 Sep 2024 16:14:19 -0700
Subject: [PATCH 2/3] update code snippet to match recommendation
---
 advanced/user-auth/jwt.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/advanced/user-auth/jwt.mdx b/advanced/user-auth/jwt.mdx
index c4f4c9374..dbb13b766 100644
--- a/advanced/user-auth/jwt.mdx
+++ b/advanced/user-auth/jwt.mdx
@@ -60,7 +60,7 @@ export async function handleRequest(req: Request, res: Response) {
 const jwt = await new jose.SignJWT(userInfo)
 .setProtectedHeader({ alg: 'ES256' })
- .setExpirationTime('30 s')
+ .setExpirationTime('10 s')
 .sign(signingKey);
 return res.redirect(`https://ronantest.mintlify.review#${jwt}`);
From 1dd87cddd31e2fcf938141ca8872cc7456ff23d8 Mon Sep 17 00:00:00 2001
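Review bot: `process.env.MINTLIFY_PRIVATE_KEY` is passed straight to `jose.importPKCS8` at module scope in the added `ts` example, but it is typed `string | undefined`, so the sample does not type-check under `strict` and a missing variable only surfaces as a key-parsing failure at import time. Since readers will copy this snippet, I would read the variable into a constant first and fail with a clear message, e.g. `if (!privateKey) throw new Error('MINTLIFY_PRIVATE_KEY is not set');`. The example also depends on `res.locals.user` having been populated by an authentication step that is not shown, and it carries two different lifetimes (`expiresAt` two weeks out in the payload, a short `setExpirationTime` on the token); comments such as `// res.locals.user is set by your own auth middleware after login` and `// exp only has to cover the redirect; expiresAt presumably governs the docs session` would keep readers from conflating them. The prose in this hunk still calls the key a "JWT secret" while the code imports a PKCS#8 private key for ES256, which may be worth aligning so readers treat it as a server-side private key.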
From: Ronan McCarter <63772591+rpmccarter@users.noreply.github.com>
Date: Thu, 5 Sep 2024 16:19:04 -0700
Subject: [PATCH 3/3] Update advanced/user-auth/jwt.mdx
Co-authored-by: Mayank Shouche <43075711+mayankshouche@users.noreply.github.com>
---
 advanced/user-auth/jwt.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/advanced/user-auth/jwt.mdx b/advanced/user-auth/jwt.mdx
index dbb13b766..1543ee527 100644
--- a/advanced/user-auth/jwt.mdx
+++ b/advanced/user-auth/jwt.mdx
@@ -63,7 +63,7 @@ export async function handleRequest(req: Request, res: Response) {
 .setExpirationTime('10 s')
 .sign(signingKey);
- return res.redirect(`https://ronantest.mintlify.review#${jwt}`);
+ return res.redirect(`https://docs.foo.com#${jwt}`);
 }
 ```