Using Memberstack 2.0? There is an updated community forum post here.
Verify Memberstack token signatures using a JWT Library.
Memberstack uses JWT tokens to store a member's session while they are logged in. You can use the token in your own API to identify the user.
Important: Please verify the signature of the token to confirm that Memberstack was the party that created it.
You can use MemberStack.getToken() client side to retrieve the token that Memberstack set for the member (it will be empty if a member is not logged in). You can then pass that token to your own API.
Please verify that the token has the following properties:
"kid": Must match a key found at https://api.memberstack.io/metadata/v1/public-keys
You can now verify the token was signed by a private key corresponding to the token's
You can find public keys at https://api.memberstack.io/metadata/v1/public-keys
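An added example (not Memberstack's own code) of the check described above, in Node.js with only the built-in crypto module: pin the algorithm, require the header's kid to name a trusted key, then verify the signature. It assumes RS256 signing and a public-key set shaped as a kid-to-PEM map, neither of which this page confirms; verifyMemberToken, signDemoToken and demoKeys are hypothetical names, and the demo key pair is generated locally as a stand-in.

```javascript
const crypto = require('node:crypto');

const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// publicKeys: object mapping kid -> PEM public key. ASSUMED shape; confirm it
// against the real response of the public-keys endpoint before relying on it.
function verifyMemberToken(token, publicKeys, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [headerB64, payloadB64, signatureB64] = parts;
  const header = decodeJson(headerB64);

  // Pin the algorithm (ASSUMED RS256). Never let the token choose it:
  // this rejects "alg": "none" and HMAC/RSA key-confusion tokens.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');

  // The kid must name a key we already trust. Own-property lookup only, so
  // values such as "__proto__" or "constructor" cannot resolve to anything.
  if (typeof header.kid !== 'string' ||
      !Object.prototype.hasOwnProperty.call(publicKeys, header.kid)) {
    throw new Error('unknown kid');
  }

  // The signature covers the exact bytes "<header>.<payload>" as received.
  const valid = crypto.verify(
    'RSA-SHA256',
    Buffer.from(`${headerB64}.${payloadB64}`),
    publicKeys[header.kid],
    Buffer.from(signatureB64, 'base64url')
  );
  if (!valid) throw new Error('bad signature');

  // Read claims only after the signature checks out. exp is the standard JWT expiry claim.
  const claims = decodeJson(payloadB64);
  if (typeof claims.exp === 'number' && claims.exp <= nowSeconds) throw new Error('token expired');
  return claims;
}

// Constructed demo data: a locally generated RSA key stands in for the real signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoKeys = { 'demo-kid': publicKey.export({ type: 'spki', format: 'pem' }) };

function signDemoToken(claims, kid = 'demo-kid') {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const signingInput = `${enc({ alg: 'RS256', typ: 'JWT', kid })}.${enc(claims)}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}
```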