XpansionChain
  • Overview of XpansionChain
    • What is it?
    • What are its layer 2 solutions?
    • What can you build on it ?
    • Fees
  • Launch a collection
    • Overview
    • Smart contract requirements for minting on layer 2
    • 1. Register as a user
    • 2. Register a project
    • 3. Register a collection
    • 4. Register collection metadata schema
  • Guides
    • Overview
    • Basic guides
      • Install and initialize
      • Get data
        • Projects
        • Collections
        • Assets
        • Orders
        • Transfers​
        • Tokens
        • Trades
        • Users
      • Generate signers
      • Register users
      • Creating orders
      • Creating trades
      • Mint assets
      • Asset transfers
      • Asset deposits and withdrawals
      • Crypto on and off-ramps
  • Advanced guides
    • Burn assets
    • Refresh asset metadata
    • Withdraw payouts
    • Maker taker fees
    • NFT primary sale card checkout
      • Set up required endpoints
      • Implement primary sale card checkout feature
    • Design guides
    • JS SDK
      • Overview
      • Install and configure
      • Account management
      • Personal inventory
      • Marketplaces
      • Collection sample
      • Minting with royalties
      • NodeJS 16.x migration
    • Link SDK
      • Overview
      • Link.setup
      • Link.transfer
      • Link.batchNftTransfer
      • Link iFrame Support
      • Link.buy
      • Link.prepareWithdrawal
      • Link.completeWithdrawal
      • Link.sell and ERC20 support
      • Link.deposit
      • Link.sign
      • Link.onramp
      • Link.offramp
      • Link Easy Login
      • Link Errors
      • Link.nftCheckoutPrimary
      • Link Events
      • Offers
        • Link.makeOffer
        • Link.cancelOffer
        • Link.acceptOffer
    • Quickstart tutorials
      • NFT minting tutorial
  • Products
    • Passport
      • Install and configure
        • Register your application
        • Install and initialise
        • Enable user login
        • Log out a user
      • Enable user identity
        • Get user information
        • Get and validate JWTs
      • Enable user wallet interactions
        • IMX Provider
        • Choose the right integration
        • Transaction confirmations
        • Guides
          • Transfer
  • SDKs
    • XpansionChain SDK - Typescript
    • Unity SDK
    • CORE SDK
      • Typescript
      • Golang
      • C#
      • Kotlin
      • Swift
    • Wallet SDK
      • WEB
      • Android
      • iOS
  • Key concepts
    • Anatomy of a smart contract
    • Deep dive into minting
    • Deep dive into metadata
    • Deep dive into royalties
    • Deep dive into deposits and withdrawals
    • Deep dive into API concepts
  • Troubleshooting
    • API
      • error codes
      • hangelog
      • rate limits
    • FAQ
    • Webpack 5 errors
    • Token data object
  • Resources
Powered by GitBook
On this page
  • Get and validate JWTs
  • How to get JWTs?​
  • How to validate JWTs?​
  1. Products
  2. Passport
  3. Enable user identity

Get and validate JWTs

Get and validate JWTs

This guide explains how to get and validate JSON Web Tokens (JWTs) issued by Passport when using it as your primary authentication service.

Pre-requisites​

  • The user must be logged into your application via Passport

How to get JWTs?​

Once a user successfully authenticates in your application, Passport will issue an ID token and access token. You can get the JWT are follows:

const accessToken: string | undefined = await passport.getAccessToken();
const idToken: string | undefined = await passport.getIdToken();
Token type
Description

Access Token

Access tokens are internally used by the SDK to perform actions on the XpansionChain API on behalf of the user. Most applications won't use this explicitly.

ID Token

ID tokens identify Passport users.

Once you base64-decode an ID token and deserialize it, it will have the following structure:

interface IDToken {
    "iss": string // Issuer domain:   
    "aud": string // Your Passport client ID  
    "iat": number, // UNIX timestamp when the token was issued  
    "exp": number, // UNIX timestamp when the token expires
    "sub": string, // User identifier  
    "sid": string // Session identifier  
}

You can rely on the sub attribute to uniquely identify Passport user.

How to validate JWTs?​

If you are using Passport's ID tokens to identify users in your backend, simply base64 decoding a token and reading the sub claim is not sufficient to guarantee that the user is who they claim they are.

JWTs can be cryptographically verified by using the issuer’s (XpansionChain) public key which ensures that the token was in fact signed with XpansionChain's private key. Passport uses the RS256 algorithm to sign the tokens.

You can fetch the JSON web key set containing the public key using the jwks_uri endpoint and use a trusted open-source JWT verification library to verify the tokens. You may choose to cache the public key in your application for performance reasons, but we don't recommend caching it for longer than 1 hour, as the signing keys may be rotated from time to time.

JWKs URIs​

Environment
URI

Production

https://auth.XpansionChain.com/.well-known/jwks.json

Sandbox

https://auth.XpansionChain.com/.well-known/jwks.json

PreviousGet user informationNextEnable user wallet interactions

Last updated 1 year ago