Verifying Memberstack JWT token Answered
Hello,
I would need to verify the Memberstack JWT token like described here (I want to use the token to authenticate the requests sent by the user on one of our APIs). However, the public key ID returned by https://api.memberstack.io/metadata/v1/public-keys (d763*******************************) does not match the key ID provided in the JWT (6f657**********************************************************).
Where can I find the public key used to sign the Memberstack JWT ?
Best regards.
Comments
6 comments
Hey Julien 👋 Our team is away for the holidays, but I'm going to pass this along to the eng team as soon as they are back. You can expect a reply by the end of next week.
Julien Brodier Thanks for the patience, I hope you had a great holiday!
Can you confirm which version of Memberstack you are using? I assume 2.0, but the docs you linked are for 1.0.
If it's 2.0, you can only verify JWTs on the back end. Our client packages or client REST APIs do not provide that functionality.
Hello,
Thanks for your reply, I hope you had a great holiday too!
Yes, we are using version 2.0. For our use case, it is fine to verify the user JWT on the backend. I assume we have to use the admin API you linked to.
However, in the Verification section, it says "Webhook & JWT verification methods cannot be performed via REST API at the moment", does this mean the only option is to use the JavaScript admin API (@memberstack/admin)? We have a Java backend, so it would be easier for us to be able to call a REST API, but if there is no other way, we can add a JavaScript component to call your API.
Best regards.
I'm going to follow up with another member of team tomorrow 👍 I'll do my best to get you an answer ASAP.
Hey Julien, checking with the team again today. Apologies for the delay.
Here's our public key URL for v2!
http://member-jwt.s3-website-us-east-1.amazonaws.com
Please sign in to leave a comment.