Verifying Memberstack Tokens

Article author: Josh Lopez

Using Memberstack 2.0? There is an updated community forum post here.

Verify Memberstack token signatures using a JWT Library.

Memberstack issues a JSON Web Token (JWT) to hold a member's session while they are logged in. You can pass that token to your own API to identify the member, but only after you have verified it as described below.

Important: always verify the token's signature before trusting any of its claims. The signature is what proves that Memberstack created the token and that nobody has altered it since.

Steps

You can call MemberStack.getToken() client side to retrieve the token Memberstack set for the member (it is empty when no member is logged in). You can then pass that token to your own API.

Please verify the token has the following properties.

Token Header

{
  "alg": "RS256",
  "kid": "<must match a key found at https://api.memberstack.io/metadata/v1/public-keys>"
}

Token Payload

{
"id": "...",
"email": "...",
"site": "...",
"iat": 1600307139,
"exp": 1600907139
}

You can now verify that the token was signed by the private key corresponding to the kid in the token's header, using the matching public key from the list below. Have your verifier insist on RS256 rather than trusting the alg value the token presents, check that exp is still in the future, and check that site is the site you expect before you rely on id or email.

Memberstack publishes its public keys at https://api.memberstack.io/metadata/v1/public-keys. Fetch this list from your server, select the key whose kid matches the token header, and reject the token if no key with that kid exists.
