
User authentication

Automatically log your users into your embedded community as members.

This requires signing a JSON Web Token (JWT) with your app secret (see Getting started for info on obtaining yours) so that only your server can authenticate users.

Join our community if you need more details or support.

JSON Web Token

Once you have your app secret, you need to sign a token on your server that matches the shape below. The details should correspond to your logged-in user's details.

{
  "sub": "user@example.com",
  "name": "Name", // optional, populates profile on first login
  "image": "https://example.com/user/avatar.png" // optional, populates profile on first login
}

There are many libraries that you can pick from for your backend programming language — you can see a list of recommended ones by Auth0 / Okta. If you want to generate and debug tokens for testing, try the JWT.io debugger by Auth0 / Okta.


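Here is an example of signing your token using Node.js and the jose npm package.

import { SignJWT } from "jose";

// Run this on your server only: the app secret must never be shipped to the browser.
const jwt = await new SignJWT({
  sub: "user@email.com",
  name: "Name",
  image: "https://yourapp.com/user/avatar",
})
  // "typ" is the registered JWT header parameter name.
  .setProtectedHeader({ alg: "HS256", typ: "JWT" })
  // HS256 takes the shared secret as raw bytes.
  .sign(new TextEncoder().encode(process.env.HALL_APP_SECRET));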
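
The same HS256 token built with only Node's built-in crypto module, next to the check a verifier performs, to show why a token edited outside your server is rejected. This is an added example, not Hall's code or part of the original page: signHallToken, verifyHallToken, withSub and the demo secret are hypothetical names and constructed values, and how Hall itself validates tokens is not described here.

```javascript
// Loads node:crypto under either CommonJS or ES modules.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (secret, input) => nodeCrypto.createHmac("sha256", secret).update(input).digest();

// Compact JWS: base64url(header) . base64url(claims) . base64url(HMAC-SHA256)
function signHallToken(user, secret) {
  if (!secret) throw new Error("app secret is not set");
  if (!user || typeof user.sub !== "string" || !user.sub) throw new Error("sub is required");
  const claims = { sub: user.sub };
  if (user.name) claims.name = user.name;    // optional
  if (user.image) claims.image = user.image; // optional
  const signingInput =
    b64url(JSON.stringify({ alg: "HS256", typ: "JWT" })) + "." +
    b64url(JSON.stringify(claims));
  return signingInput + "." + b64url(hmac(secret, signingInput));
}

// Verifier-side check (assumed; not Hall's code): returns claims, or null if invalid.
function verifyHallToken(token, secret) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  try {
    const { alg } = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    if (alg !== "HS256") return null; // pin the algorithm; never accept "none"
    const expected = hmac(secret, header + "." + payload);
    const given = Buffer.from(signature, "base64url");
    if (given.length !== expected.length) return null;
    if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
    return JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null; // malformed header or payload
  }
}

// Constructed demo values, not real credentials.
const DEMO_SECRET = "constructed-demo-secret-not-a-real-key";
const demoToken = signHallToken({ sub: "user@example.com", name: "Name" }, DEMO_SECRET);

// Same header and signature, different "sub": the result of editing a token without the secret.
function withSub(token, sub) {
  const [header, , signature] = token.split(".");
  return header + "." + b64url(JSON.stringify({ sub })) + "." + signature;
}
```

In production, keep using a maintained library such as jose, as shown above; the hand-rolled version only makes the signature check visible.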


Given that you need to sign the token on your server, the way you use the token depends on whether or not you are rendering your application server-side or client-side. See examples for your chosen integration:
