Server-side verification
When an end user connects their wallet, you, the developer, get a JSON Web Token (JWT) that can be used to verify some claims about the end user, notably a proof of ownership over a wallet public address.
Upon authentication, we generate a JWT signed with a private key (using RS256 algorithm) that is unique to you. In turn, you can use the associated public key (found in the API tab of your developer dashboard) to ensure that the token is authentic and hasn’t been tampered with. In other words, if a JWT issued by Dynamic can be successfully verified with your public key, the information it contains can be trusted.
You can do this in multiple ways.
Option 1: Leverage NextAuth
If you are using Next.js, you can easily integrate the NextAuth library with Dynamic to perform server-side verification and then use a session client-side.
Option 2: Leverage Passport.js
We offer an official passport-dynamic extension.
Option 3: Do-It-Yourself Verification
- Install the node-jsonwebtoken package
- Obtain your public key from Dynamic’s API dashboard or through our /keys API endpoint.
- Get the JWT through the Dynamic SDK with an authToken.
- Send the authToken to the server as a Bearer token
- Validate the JWT on your server by fetching the public key from the JWKS endpoint and verifying the encoded JWT against the public key:
This uses the following libraries:
- jwks-rsa: Provides client to interact and parse JWKS key signing data for a JWT.
- jsonwebtoken: Provides library to encode/decode and validate a JWT token.
Was this page helpful?