Skip to main content

Authenticating with JWT SSO

To provide a seamless experience to your members, it's best to authenticate them automatically into your product using the JWT SSO.

To do so, you should follow these steps:

  1. Follow the JWT SSO instructions to generate a JWT token.
  2. Generate an embed URL for your community, space, or post using the Embedding Tribe instructions.
  3. Set the redirect_uri of the JWT SSO endpoint to the relative version of your embed URL.


Let's say you want to seamlessly embed a space into your community. After generating the JWT token, you can follow the steps for embedding a space. The URL will look like this:

You can convert the above URL to a relative URL by removing your community domain/subdomain from the beginning of the URL:


The JWT SSO URL looks like this:

https://YOUR_COMMUNITY_DOMAIN/api/auth/sso?redirect_uri={{Redirect URI}}&jwt={{Generated SSO Token}}

After replacing the redirect_uri value, the final URL will look like this:


Please note that you should apply encodeURIComponent function (or similfor encode URI method) on the redirect_uri value.

Node.js Example#

Here is a sample Node.js Express app snippet for generating the IFrame url:

Node.js Example
const jwt = require("jsonwebtoken");
const privateKey = "{Your Private Key}";
// `app` is an express app instance
app.get('/your/app/route', (req, res) => {
// Considering your user object is stored in `req.user`
const userData = {
iat: Math.round(new Date().getTime() / 1000),
exp: Math.round(new Date().getTime() / 1000) + 60,
// JWT token for authenticating the user
const jwtToken = jwt.sign(userData, privateKey, { algorithm: "HS256" });
// Generated by space embed generator and converted to a relative URL
const embedURL = '/embed/space/whats-new?readonly=false&header=true&composer=true&about=true'
const iframeSrc = `${jwtToken}&redirect_uri=${encodeURIComponent(embedURL)}`
// You can pass the `iframeSrc` to your rendering engine such as Pug instead
res.send(`<html><body><iframe src="${iframeSrc}" frameBorder="0" width="100%"></iframe></body></html>`)