45 changes: 41 additions & 4 deletions advanced/user-auth/jwt.mdx
Expand Up @@ -15,7 +15,7 @@ If you don’t have a dashboard, or if you want to keep your dashboard and docs
Create a login flow that does the following:
- Authenticate the user
- Create a JWT containing the authenticated user's info in the [UserInfo](./sending-data) format
- Sign the JWT with the secret
- Sign the JWT with the secret, using the ES256 algorithm
- Create a redirect URL back to your docs, including the JWT as the hash
</Step>
<Step title="Configure your User Auth settings">
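Review bot: The reworded step "Sign the JWT with the secret, using the ES256 algorithm" mixes two models. ES256 is an asymmetric ECDSA signature made with a private key, while "the secret" reads like a shared HMAC key, and the example added later in this PR loads `MINTLIFY_PRIVATE_KEY` with `importPKCS8`. Suggest wording the step as signing with the private key generated in the dashboard (or stating that the "JWT secret" is an ES256 private key in PKCS#8 form) so readers do not reach for HS256 with the same value.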
Expand All @@ -25,11 +25,48 @@ If you don’t have a dashboard, or if you want to keep your dashboard and docs

## Example

I want to set up authentication for my docs hosted at `docs.foo.com`. I want my docs to be completely separate from my dashboard (or I don’t have a dashboard at all).
I want to set up authentication for my docs hosted at `docs.foo.com`. I want my docs
to be completely separate from my dashboard (or I don’t have a dashboard at all).

To set up authentication with Mintlify, I go to my Mintlify dashboard and generate a JWT secret. I create a web URL `https://foo.com/docs-login` that initiates a login flow for my users. At the end of this login flow, once I have verified the identity of the user, I create a JWT containing the user’s custom data according to Mintlify’s specification. I sign this JWT with my Mintlify secret, create a redirect URL of the form `https://docs.foo.com#{SIGNED_JWT}`, and redirect the user.
To set up authentication with Mintlify, I go to my Mintlify dashboard and generate a
JWT secret. I create a web URL `https://foo.com/docs-login` that initiates a login flow
for my users. At the end of this login flow, once I have verified the identity of the user,
I create a JWT containing the user’s custom data according to Mintlify’s specification.
I use a JWT library to sign this JWT with my Mintlify secret, create a redirect URL of the
form `https://docs.foo.com#{SIGNED_JWT}`, and redirect the user.

I then go to the Mintlify dashboard settings and enter `https://foo.com/docs-login` for the Login URL field.
I then go to the Mintlify dashboard settings and enter `https://foo.com/docs-login` for the
Login URL field.

Here's what the code might look like:

```ts
import * as jose from 'jose';
import { Request, Response } from 'express';

const TWO_WEEKS_IN_MS = 1000 * 60 * 60 * 24 * 7 * 2;

const signingKey = await jose.importPKCS8(process.env.MINTLIFY_PRIVATE_KEY, 'ES256');

export async function handleRequest(req: Request, res: Response) {
const userInfo = {
expiresAt: Math.floor((Date.now() + TWO_WEEKS_IN_MS) / 1000),
groups: res.locals.user.groups,
content: {
firstName: res.locals.user.firstName,
lastName: res.locals.user.lastName,
},
};

const jwt = await new jose.SignJWT(userInfo)
.setProtectedHeader({ alg: 'ES256' })
.setExpirationTime('10 s')
.sign(signingKey);

return res.redirect(`https://docs.foo.com#${jwt}`);
}

```

## Preserving Anchors

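Review bot: The example sets two different lifetimes without explaining either: `expiresAt` in `userInfo` is two weeks out, while `.setExpirationTime('10 s')` gives the token itself a ten-second expiry. A reader is likely to "fix" one to match the other, so add a comment on each line saying what it controls and why the token that travels in the redirect URL hash is kept short-lived. Separately, `process.env.MINTLIFY_PRIVATE_KEY` is passed straight to `jose.importPKCS8` with no check that it is set; a guard that fails with a clear message at startup would be a better pattern to show in documentation. The surrounding prose still says "generate a JWT secret" and "sign this JWT with my Mintlify secret" although the code imports a PKCS#8 private key, so the text and the code should use the same term.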