Memberstack uses JWT tokens to store a member's session while they are logged in. You can use the token in your own API to identify the user.

Important: Please verify the signature of the token to confirm that Memberstack was the party that created it.

Steps

You can use MemberStack.getToken() client-side to retrieve the token that Memberstack set for the member (it will be empty if a member is not logged in). You can pass that token to your own API.

Please verify the token has the following properties.

Token Header

{
"alg":"RS256",
"kid": "Must match a key found at https://api.memberstack.io/metadata/v1/public-keys"
}

Token Payload

{
"id": "...",
"email": "...",
"site": "...",
"iat": 1600307139,
"exp": 1600907139
}

You can now verify that the token was signed by the private key corresponding to the kid in the token's header.

You can find public keys at https://api.memberstack.io/metadata/v1/public-keys
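
The checks above as an added example in Node.js, using only the built-in crypto module (this is not Memberstack's own code). It assumes the published keys have already been fetched and turned into a map from kid to PEM public key, since the response format of the public-keys endpoint is not described here; the function names, the "demo-kid" key id and the sample key pair and token are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const decodePart = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// publicKeys: assumed shape { kid: PEM public key }, built from the published keys.
function verifyMemberToken(token, publicKeys, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [rawHeader, rawPayload, rawSignature] = parts;

  // Pin the algorithm: the token must not choose how it is verified.
  const header = decodePart(rawHeader);
  if (header.alg !== 'RS256') throw new Error('unexpected alg');

  // Only keys from the trusted set are eligible; the own-property check
  // keeps inherited names such as "constructor" from matching.
  const known = typeof header.kid === 'string'
    && Object.prototype.hasOwnProperty.call(publicKeys, header.kid);
  if (!known) throw new Error('unknown kid');

  const signatureOk = nodeCrypto.verify(
    'RSA-SHA256',
    Buffer.from(`${rawHeader}.${rawPayload}`),
    publicKeys[header.kid],
    Buffer.from(rawSignature, 'base64url'),
  );
  if (!signatureOk) throw new Error('bad signature');

  // Read claims only after the signature has been verified.
  const payload = decodePart(rawPayload);
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) throw new Error('token expired');
  return payload;
}

// Constructed sample: a throwaway key pair and token generated locally for the demo.
function signSampleToken(privateKey, header, payload) {
  const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const signingInput = `${encode(header)}.${encode(payload)}`;
  const signature = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}
const sampleKeyPair = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const samplePublicKeys = { 'demo-kid': sampleKeyPair.publicKey.export({ type: 'spki', format: 'pem' }) };
const sampleToken = signSampleToken(
  sampleKeyPair.privateKey,
  { alg: 'RS256', kid: 'demo-kid' },
  { id: 'mem_demo', email: 'member@example.com', site: 'site_demo', iat: 1600307139, exp: 1600907139 },
);
```

In your API, call verifyMemberToken on the token received from the client and use the returned id, email and site only when it returns without throwing.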
