Yes! You can simply use Magic for authentication, and your own JWT implementation for authorization.
Here's high-level how JWT would work with Magic:
User logs in with Magic, you're returned the DID token
Validate the DID token in your backend with our admin-sdk magic.token.validate(did) method
Call our admin-sdk method magic.user. getMetadataByToken(did) to grab the user's unique ID and email address
Store that data inside a JWT token and then move forward with your JWT implementation
On subsequent requests to your server, just verify the JWT
For example:
The client-side magic.user.getMetadata() while I'm logged in returns:
Wrapped in a JWT, that is:
Just enter that JWT on https://jwt.io to see it decoded back into the metadata object.
View our guide on this here https://magic.link/posts/magic-jwt
Here's high-level how JWT would work with Magic:
User logs in with Magic, you're returned the DID token
Validate the DID token in your backend with our admin-sdk magic.token.validate(did) method
Call our admin-sdk method magic.user. getMetadataByToken(did) to grab the user's unique ID and email address
Store that data inside a JWT token and then move forward with your JWT implementation
On subsequent requests to your server, just verify the JWT
For example:
The client-side magic.user.getMetadata() while I'm logged in returns:
{
"issuer": "did:ethr:0xB6fA0Cc4Af592e4405Aea2bDc53676b6Bd13A3E2",
"publicAddress": "0xB6fA0Cc4Af592e4405Aea2bDc53676b6Bd13A3E2",
"email": "hunter@magic.link"
}Wrapped in a JWT, that is:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3N1ZXIiOiJkaWQ6ZXRocjoweEI2ZkEwQ2M0QWY1OTJlNDQwNUFlYTJiRGM1MzY3NmI2QmQxM0EzRTIiLCJwdWJsaWNBZGRyZXNzIjoiMHhCNmZBMENjNEFmNTkyZTQ0MDVBZWEyYkRjNTM2NzZiNkJkMTNBM0UyIiwiZW1haWwiOiJodW50ZXJAbWFnaWMubGluayJ9.q8wCR9GgpmvGIFIRYQoEWYtn5Kui-HO5XfpYnEvzoAYJust enter that JWT on https://jwt.io to see it decoded back into the metadata object.
View our guide on this here https://magic.link/posts/magic-jwt
Updated on: 05 / 04 / 2021