Features Pricing No credit card required
Help

Help > Forum > Website Integration > Single Sign On - JWT

Single Sign On - JWT

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWT SSO allows you to automatically sign users into your Website Toolbox forum when they sign into your website, without requiring them to re-enter their credentials.

Configuration

To enable JWT SSO:

  1. Log in to your Website Toolbox account.
  2. Go to Integrate → Single Sign On.
  3. Under "Your Website Builder", select Custom JWT from the dropdown.
  4. Enter your Client Secret. This secret key is used to verify the tokens generated on your server. It must match the secret used in your code.
  5. (Optional) Enter the Client Issuer ID. If provided, the iss claim in your JWT payload must match this value.

JWT Payload Attributes

Your JWT payload should include the following attributes:

Attribute Type Required Description
email string Yes User's email address
username string No User's username
name string No User's full name
userid or external_userid integer No User's unique ID from your system
avatarURL, picture, or avatar_url string No URL to user's avatar image. Any of these attribute names will be recognized
iss string No Issuer identifier. If you configured a Client Issuer ID in the settings, this value must match it
iat integer No Issued-at timestamp in Unix epoch format. If provided, it will be validated to ensure it's not in the future
exp integer No Expiration timestamp in Unix epoch format. If provided, the token will be rejected if it has expired

Redirect URL

https://FORUM_DOMAIN/oauth?action=doOauthCallback&service=JWT&code=JWT_TOKEN

Replace FORUM_DOMAIN with your forum domain. Replace JWT_TOKEN with your JWT token.

Troubleshooting


If you still need help, please contact us.


Contact Help Privacy Terms