Learn
This document describes the authentication flow for closed loop wallets using JWT (JSON Web Tokens) with the Okto SDK. Learn how to implement secure user authentication using your existing JWT infrastructure integrated with Okto's systems.
What is JWT Authentication?
JWT (JSON Web Tokens) authentication is a secure method of transmitting information between parties as a JSON object. For closed loop wallets, this allows you to:
- Use your existing authentication system
- Maintain full control over user authentication
- Seamlessly integrate with Okto's infrastructure
- Enable secure token-based authentication
- Manage user sessions effectively
Implementation Overview
Note
JWT authentication is currently only available via API integration. This feature is not available through the SDK.
To implement JWT Authentication in your application, you'll need to complete these steps:
- Set up JWT Verification - Configure JWT verification with Okto
- Implement Authentication - Generate and validate JWT tokens within your system
- Create Verification Endpoint - Set up an API endpoint for token verification
Vendor Requirements
- Create a JWT token that includes user identification (
user_id). - Provide an API endpoint that Okto can call to verify and retrieve the
user_idusing the JWT token.
Request of the API should be like:
Request Headers:
Expected Response:
Submit Your Integration Details
Ready to move forward with your JWT authentication integration? Please fill out the form below to confirm your setup and share the required details.
Authentication Flow
Sequence Diagram
The sequence diagram illustrates the following steps:
1. Prerequisite Setup
Before implementing JWT authentication, you need to set up a JWT verify function with Okto. This is a crucial first step that establishes the foundation for secure token verification and user authentication.
2. JWT Token Generation
The process begins when the vendor's system generates a JWT token for their user. This token serves as the primary authentication credential and contains the necessary user identification data, securely signed with the vendor's private key.
Sample JWT Payload:
3. Authentication Request
The client application initiates the authentication process by invoking the Auth method using the generated JWT token. This token is passed to the Okto SDK, which handles the formatting and forwarding of the authentication request to the Okto Server.
4. Token Verification
Upon receiving the JWT token, the Okto Server invokes the predetermined verify function with the token. This step validates the token's authenticity and signature, ensuring the request comes from a legitimate source and retrieves the associated user data.
5. User Management
After successful token validation, Okto verifies the authentication success and checks if an account exists for the user. If no account is found, a new user is created in the system. Finally, an Okto authentication token is generated and returned to the client application, establishing a secure session.
Why Use JWT Authentication?
Using JWT tokens adds an additional layer of security to your system:
- Improved Security: If the vendor's API key is compromised, attackers cannot access user funds without the individual JWT tokens, which are user-specific and generated within the vendor's application.
- Reduced Attack Surface: Since JWT tokens are not stored anywhere and are different for each user, attackers cannot target or drain the funds of all users simultaneously.
Conclusion
This authentication flow provides a secure way to integrate your existing JWT-based authentication system with Okto's infrastructure. By following the implementation guides, you can maintain control over your authentication while leveraging Okto's powerful features for closed loop wallets.