Yes! You can simply use Magic for authentication, and your own JWT implementation for authorization.

Here's high-level how JWT would work with Magic:

User logs in with Magic, you're returned the DID token
Validate the DID token in your backend with our admin-sdk magic.token.validate(did) method
Call our admin-sdk method magic.user. getMetadataByToken(did) to grab the user's unique ID and email address
Store that data inside a JWT token and then move forward with your JWT implementation
On subsequent requests to your server, just verify the JWT

For example:

The client-side magic.user.getMetadata() while I'm logged in returns:

{
  "issuer": "did:ethr:0xB6fA0Cc4Af592e4405Aea2bDc53676b6Bd13A3E2",
  "publicAddress": "0xB6fA0Cc4Af592e4405Aea2bDc53676b6Bd13A3E2",
  "email": "hunter@magic.link"
}


Wrapped in a JWT, that is:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3N1ZXIiOiJkaWQ6ZXRocjoweEI2ZkEwQ2M0QWY1OTJlNDQwNUFlYTJiRGM1MzY3NmI2QmQxM0EzRTIiLCJwdWJsaWNBZGRyZXNzIjoiMHhCNmZBMENjNEFmNTkyZTQ0MDVBZWEyYkRjNTM2NzZiNkJkMTNBM0UyIiwiZW1haWwiOiJodW50ZXJAbWFnaWMubGluayJ9.q8wCR9GgpmvGIFIRYQoEWYtn5Kui-HO5XfpYnEvzoAY


Just enter that JWT on https://jwt.io to see it decoded back into the metadata object.

View our guide on this here https://magic.link/posts/magic-jwt
Was this article helpful?
Cancel
Thank you!