1. HelpDesk
  2. Developer FAQ

Can I use Magic with JWT?

Yes! You can simply use Magic for authentication, and your own JWT implementation for authorization.

Here's high-level how JWT would work with Magic:

  1. User logs in with Magic, you're returned the DID token
  2. Validate the DID token in your backend with our admin-sdk <magic.token.validate(did)> method
  3. Call our admin-sdk method <magic.user. getMetadataByToken(did)> to grab the user's unique ID and email address
  4. Store that data inside a JWT token and then move forward with your JWT implementation
  5. On subsequent requests to your server, just verify the JWT

For example:

The client-side <magic.user.getMetadata()> while I'm logged in returns:

"issuer": "did:ethr:0xB6fA0Cc4Af592e4405Aea2bDc53676b6Bd13A3E2",
"publicAddress": "0xB6fA0Cc4Af592e4405Aea2bDc53676b6Bd13A3E2",
"email": "hunter@magic.link"

Wrapped in a JWT, that is:


Just enter that JWT on https://jwt.io to see it decoded back into the metadata object.

View our guide on this here https://magic.link/posts/magic-jwt