JWT Authentication
Enable advanced security for client-side API Keys
JWT-based authentication is a mechanism in which you can authorize a call to a Crossmint API, scoping such calls to impact resources related to a single end-user on your platform. You have three options available when enabling this option.
- Crossmint Authentication - With an easy to use react SDK you can add user creation and authentication to your application. Crossmint handles the generation of JWTs and you’re able to quickly create a robust application with user access controls.
- Third Party Authentication providers - There are several quality authentication providers in the market and you may already be using one of them. You can continue to use your existing auth tooling and enable Smart Wallets on top of them with minimal changes.
- Custom JWT - This option is for providers not yet included with turn-key support or custom built solutions where you issue your own JWTs. You must be able to provide a JWKS endpoint to enable Crossmint to authenticate tokens.
Crossmint Authentication
This option makes the most sense if you’re starting a new application and do not have a pre-existing auth provider. You may also want to swap out your existing auth provider if you wish to consolidate your API providers and handle everything with Crossmint.
To use this option, select the Crossmint Auth option within the JWT Authentication section of the API keys page in the Developer Console.
Third Party Authentication
For projects that have already implemented authentication using one of the supported providers, you can provide Crossmint with the appropriate project/environment/app ID from the settings page of the third party. Supported providers include: Dynamic, Auth0, Stytch, Privy, and Firebase.
To use this option, select the 3P Auth providers option, then choose your provider from the dropdown. Next, you’ll need to find the appropriate ID that your provider gives you to identify your project. This can typically be found within the settings pane of their web interface.
Custom JWT Auth
If your project is using an auth provider not listed in the 3P providers list or is a home-grown JWT solution, you can choose the Custom tokens option. You will need to be able to provide a that Crossmint can use to authenticate the JWTs.
For a detailed guide on implementing this approach, check out the Custom JWT Authentication Guide.