Authentication 🕵️

Integrate Stackprint with your identity provider to protect access to your API.

Stackprint supports authenticating requests to your API based on JSON Web Tokens. That allows you to integrate with your own JWT-based identity management solution or use an external identity provider such as Auth0. To enable this option, enable the Allow JWT Authentication toggle when creating your API.

Select algorithm and secret

Next, you will have to select the algorithm your JWT provider uses to sign tokens. Generally, there are two types of algorithms:

RS256 is an asymmetric signing algorithm, which means that token signatures are created using a private key only known to your identity provider. Tokens can then be verified with a public key, typically provided through a JWKS-URL, which you will have to provide in the next field.

HS256, HS384 and HS512 are symmetric signing algorithms. Here your identity provider creates the token's signature with a shared secret key. The validity of a JWT can only be verified with that same key, which is why you have to provide it in the next field when selecting any of these algorithms.

Set identity fields

When a user accesses one of the resources your API provides, Stackprint performs permission checks based on the user's Identity. In the next section, you can specify which fields of the user's JWT claims map to the standardized fields of an Identity that can be used for permission checks. The fields of an Identity are:

User: The unique user identifier. If you are using a standard JWT format, this should be derived from the sub claim.

Organisation: The identifier of the organisation the user is part of. This field is optional.

Admin: Whether the user is an administrator. Administrators have access to all API resources. This field is optional.
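
To make the two configuration steps above concrete, the following added example (not Stackprint's own code) verifies an HS256/HS384/HS512 token against the configured shared secret and then maps its claims to the Identity fields. The claim names org_id and is_admin, the secret and the helper names are assumptions made for illustration; only sub comes from the text above, and expiry checks are left out.

```python
import base64
import hashlib
import hmac
import json

HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a constructed sample token (stands in for the identity provider)."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{payload}".encode(), HASHES[alg]).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"

def verify(token: str, secret: bytes, configured_alg: str) -> dict:
    """Return the claims if the signature is valid under the configured algorithm."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm to the configured one; never let the token header choose it.
    if header.get("alg") != configured_alg:
        raise ValueError("token algorithm does not match configured algorithm")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signing_input, HASHES[configured_alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("invalid signature")
    return json.loads(b64url_decode(payload_b64))

def to_identity(claims: dict, mapping: dict) -> dict:
    """Map JWT claims to Identity fields; only User is required."""
    user = claims.get(mapping["user"])
    if not user:
        raise ValueError("missing user claim")
    org_key, admin_key = mapping.get("organisation"), mapping.get("admin")
    return {
        "user": user,
        "organisation": claims.get(org_key) if org_key else None,
        # Admin grants access to all resources, so accept only a literal JSON true.
        "admin": claims.get(admin_key) is True if admin_key else False,
    }

SECRET = b"constructed-demo-secret"  # constructed sample value
MAPPING = {"user": "sub", "organisation": "org_id", "admin": "is_admin"}  # assumed claim names
```

Because the Admin field opens every resource, map it only to a claim that users cannot set or edit themselves at the identity provider.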