
JWT User Authentication

JWT is a convenient way to authenticate users with external apps. AnnounceKit supports JSON Web Tokens for authenticating a user via the widget and the standalone public feed.

1. Get your secret key

First, get the secret key that will sign the user data in the token payload. This key is secret: use it only on the server side of your application.

2. Generate tokens on your server

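Now generate a signed token, user_token, whose payload contains the user properties id, name and email. Make sure the HS256 algorithm is used and declared in the JWT header. HS256 (HMAC-SHA256) signs the token rather than encrypting it: the payload is only base64url-encoded and can be read by anyone who holds the token, so put nothing confidential in it. You can use any JWT library that suits your codebase.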

3. Authenticate the user

Now that you have the signed user_token, pass it in your widget configuration or as the user_token query parameter in your standalone newsfeed URL:
https://announcekit.app/acmeco/updates?user_token=eyJhbGciOiJIU6IkpXVCJ9.ey...

Optional Step

Suppose a non-authenticated visitor tries to access your standalone public feed. In that case, you can redirect the visitor to your application to log in, then redirect back to the standalone feed page so that the visitor has access.

In the JWT Setting section, you can set the Login Redirect URL. That URL should point to the route in your application that generates the JWT described in Step 2. After generating the token, take the redirect_url parameter, which is the standalone feed page URL, and combine it with the generated user_token.
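
The Login Redirect route described above, combined with the token generation from Step 2, as an added example (not AnnounceKit's own code) using only the Python standard library. The SECRET placeholder, the function names and the host check are assumptions of this example; the check keeps a signed token from being appended to a redirect_url that points anywhere other than your feed.

```python
import base64, hashlib, hmac, json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Placeholder: the real key comes from your AnnounceKit settings; keep it server-side.
SECRET = b"REPLACE_WITH_YOUR_SECRET_KEY"
# Assumption: the feed is served from the host in this page's example URL.
FEED_HOST = "announcekit.app"


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_user_token(user: dict, secret: bytes = SECRET) -> str:
    """Build an HS256-signed JWT carrying only id, name and email."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {key: user[key] for key in ("id", "name", "email")}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def build_feed_redirect(redirect_url: str, user: dict) -> str:
    """Return redirect_url with user_token attached, or raise ValueError."""
    parts = urlsplit(redirect_url)
    # redirect_url arrives from the browser: never hand a token to another origin.
    if parts.scheme != "https" or parts.hostname != FEED_HOST:
        raise ValueError("redirect_url does not point at the feed")
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "user_token"]  # drop any token supplied by the caller
    query.append(("user_token", make_user_token(user)))
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed sample user, not real data.
    sample = {"id": "42", "name": "Ada Example", "email": "ada@example.com"}
    print(build_feed_redirect("https://announcekit.app/acmeco/updates", sample))
```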