Hello,
Do you know if or how can I use the JWT token generated by Nakama to authenticate the user on another service?
The other service is for ‘e-commerce’ and it handles the checkout + payment for subscriptions / coins packages. I want to be able to authenticate the user there with the session from Nakama – so basically use Nakama as an authentication/authorization service.
Does anyone did this before? The documentation is not very clear.
Thanks in advance!
@vladmustiata Hi! Nakama uses JWT session tokens with HMAC-SHA256 signatures. Yes, you can use these session tokens in other services you control, as long as those services accept this JWT format.
To properly validate the tokens your other services will need to be configured with the signing key used by Nakama - it’s up to you (and the services you want to integrate) how this is done. The config value you need is session.encryption_key.
Thanks @zyro! Sounds good.
The simplest way I’ve found to verify the token is to try a GetAccount rpc against the Nakama server. If it succeeds it means the token is valid and the session is active.