The xkit Developer Hub

Welcome to the xkit developer hub. You'll find comprehensive guides and documentation to help you start working with xkit as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Custom Token Issuer

Using your own JWT issuer to authenticate users with Xkit

If you already use a JWT or OpenID-based authentication mechanism (e.g. using Auth0, AWS Cognito, or Firebase), you can use your existing User Tokens with Xkit (or generate new tokens just for use with Xkit).

To do so, you'll need a few pieces of information about your tokens:

  • The contents of the iss (issuer) claim
  • The contents of the aud (audience) claim (optional)
  • The claim that uniquely identifies your user (usually the sub [subject] claim)
  • A claim with a friendlier name for your user (e.g. an email) (optional)
  • The claim that identifies the group your user belongs to (optional)
  • The JSON Web Key Set (JWKS) URL used to sign the JWT.

To set up your tokens for use with Xkit, go to the Settings page, and scroll down to the "User Tokens" section. Click on "Add Custom Issuer" under the Custom Issuers section, and provide the information requested. Click "Save" and your custom issuer will be active, allowing users to log into Xkit with your tokens.

The User ID Claim

In order to use your token to provision and authenticate your user, we need to know which one of the claims on the token is that user's unique identifier. For many tokens this is the sub (subject) claim, but some tokens contain custom claims like user_id.

It's important to note that the contents of this claim will serve as the user's external_id elsewhere in the Xkit service. So if for any reason it is in a different format, that's the format you'll need to use when you are communicating with Xkit about that user.

The Group ID Claim

If you are using the User Groups feature to share connections between your users, we need to know which group this user is a part of. This will likely be a custom claim on your token.

The contents of this field will be used in the Get Group Connection endpoint to retrieve tokens for this group.

Other ways to provide keys

Currently the only way to provide keys that serve as signers for your Custom Issuer is as a JWKS URL as defined in RFC 7517. If you have keys in another format that you would like to use, please Contact Support.

Xkit-issued Tokens

Note that Xkit will still issue its own tokens to users after they are authenticated, so there is no guarantee that the token in use by an Xkit library will be a token issued by your Custom Issuer.

Updated 5 months ago

What's Next


Custom Token Issuer

Using your own JWT issuer to authenticate users with Xkit

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.