User authentication
Automatically log your users into your embedded community as members.
This requires signing a JSON Web Token (JWT) with your app secret (see Getting started for info on obtaining yours) so that only your server can authenticate users.
Join our community if you need more details or support.
JSON Web Token
Once you have your app secret, you need to sign a token on your server that matches the shape below. The details should correspond to your logged in user's details.
{
"sub": "user@example.com",
"name": "Name", // optional, populates profile on first login
"image": "https://example.com/user/avatar.png" // optional, populates profile on first login
}
There are many libraries that you can pick from for your backend programming language — you can see a list of recommended ones by Auth0 / Okta. If you want to generate and debug tokens for testing, try the JWT.io debugger by Auth0 / Okta.
Examples
Here is an example of signing your token using a Node.js and the jose NPM package.
import { SignJWT } from "jose";
const jwt = await new SignJWT({
sub: "user@email.com",
name: "Name",
image: "https://yourapp.com/user/avatar",
})
.setProtectedHeader({ alg: "HS256", type: "JWT" })
.sign(new TextEncoder().encode(process.env.HALL_APP_SECRET));
Usage
Given that you need to sign the token on your server, the way you use the token depends on whether or not you are rendering your application server-side or client-side. See examples for your chosen integration: