Custom JWT Authentication
3-4 hours
Unit can rely on a custom implementation of JWT token that adheres to the specifications outlined in RFC 7519.
In this case you should provide Unit with a public key that will be used to validate the token.
The token must be signed using the RS256 algorithm and must include the following claims:
| Claim | Description |
|---|---|
sub | A unique identifier for the end-user |
exp | The expiration time of the token |
iss | The issuer of the token |
JWT Authentication Troubleshooting:
If you receive an error, ensure the following:
- You're using the Sandbox (ui.s.unit.sh) or Production (ui.unit.co) script matching your environment.
- Decode your token. The
issmatches the Issuer you configured in the Dashboard and thesubvalue is a string (stable user id). The token is still valid, with anexpin the future. The header includesalg: RS256and a validkid. - The Public Key was entered into the Unit Dashboard correctly, and is the correct one for the provided token. The
kidin the JWT matches one in your uploaded Public Key or JWKs. - The cache has been cleared (localStorage keys
unitCustomerTokenandunitVerifiedCustomerToken). - The
jwt-tokenvalue is present before the component initializes.