JWT Handshake
Use a customized login flow to authenticate users
This is the documentation for the JWT Personalization Handshake. The steps for setting up the JWT Authentication Handshake are slightly different.
If you don’t have a dashboard, or if you want to keep your dashboard and docs completely separate, you can use your own login flow to send user info to your docs via a JWT in the URL.
Implementation
Generate a private key
Go to your Mintlify dashboard settings and generate a private key. Store this key somewhere secure where it can be accessed by your backend.
Create a login flow
Create a login flow that does the following:
- Authenticate the user
- Create a JWT containing the authenticated user’s info in the UserInfo format
- Sign the JWT with the secret key, using the EdDSA algorithm
- Create a redirect URL back to your docs, including the JWT as the hash
Configure your Personalization settings
Return to your Mintlify dashboard settings and add the login URL to your Personalization settings.
Example
I want to set up authentication for my docs hosted at docs.foo.com
. I want my docs
to be completely separate from my dashboard (or I don’t have a dashboard at all).
To set up authentication with Mintlify, I go to my Mintlify dashboard and generate a
JWT secret. I create a web URL https://foo.com/docs-login
that initiates a login flow
for my users. At the end of this login flow, once I have verified the identity of the user,
I create a JWT containing the user’s custom data according to Mintlify’s specification.
I use a JWT library to sign this JWT with my Mintlify secret, create a redirect URL of the
form https://docs.foo.com#{SIGNED_JWT}
, and redirect the user.
I then go to the Mintlify dashboard settings and enter https://foo.com/docs-login
for the
Login URL field.
Here’s what the code might look like:
Preserving Anchors
Post-login, if you’d like to redirect to a specific anchor on the page, you can use the following format to create the redirect URL: https://docs.foo.com/page#jwt={SIGNED_JWT}&anchor={ANCHOR}
.
Example:
- Original:
https://docs.foo.com/quickstart#step-one
- Redirect:
https://docs.foo.com/quickstart#jwt={SIGNED_JWT}&anchor=step-one
Was this page helpful?