Authorization
When a user logs in to your app and becomes authenticated, SocialLive issues the user an app access token. This token is signed by SocialLive and cannot be spoofed.
When your frontend makes a request to your backend, you should include the current user's access token in the request. This allows your server to determine whether the requesting user is truly authenticated or not.
SocialLive access tokens are JSON Web Tokens (JWTs), signed with the EdDSA algorithm. These JWTs include certain information about the user in their claims, namely:
sid is the user’s current session ID
sub is the user’s SocialLive ID
iss is the token issuer, which should always be auth.social.live
aud is your SocialLive app ID
iat is the timestamp of when the JWT was issued
exp is the timestamp of when the JWT will expire and is no longer valid. This is generally 30 minutes after the JWT was issued.
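One way a backend could check such a token before trusting its claims, as an added example in Node.js (not SocialLive's own code or SDK). It assumes the EdDSA key is Ed25519, that exp is in seconds, and that you already hold SocialLive's public key (how it is published is not covered here); `verifyAccessToken`, `mintToken` and `APP_ID` are hypothetical names, and the key pair and tokens are constructed locally.

```javascript
// Added example; verifyAccessToken, mintToken and APP_ID are hypothetical names.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const ISSUER = 'auth.social.live'; // expected iss, per the claim list above
const APP_ID = 'app_EXAMPLE_ID';   // placeholder for your SocialLive app ID
const b64u = (x) => Buffer.from(x).toString('base64url');
const decodeJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Returns { ok: true, claims } or { ok: false, reason }. nowSec is injectable for tests.
function verifyAccessToken(token, publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = decodeJson(parts[0]);
    claims = decodeJson(parts[1]);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; never let the token's own header choose how it is verified.
  if (header?.alg !== 'EdDSA') return { ok: false, reason: 'bad alg' };
  // Check the signature over the exact bytes received, before trusting any claim.
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!verify(null, signed, publicKey, sig)) return { ok: false, reason: 'bad signature' };
  if (claims?.iss !== ISSUER) return { ok: false, reason: 'bad iss' };
  if (claims.aud !== APP_ID) return { ok: false, reason: 'bad aud' };
  // Assumes exp is in seconds since the epoch (RFC 7519 NumericDate).
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}

// Constructed test data: a locally generated Ed25519 key pair stands in for
// SocialLive's signing key, so sample tokens can be minted offline.
const { publicKey, privateKey } = generateKeyPairSync('ed25519');
function mintToken(claims, key = privateKey, alg = 'EdDSA') {
  const head = b64u(JSON.stringify({ alg, typ: 'JWT' }));
  const body = b64u(JSON.stringify(claims));
  const sig = sign(null, Buffer.from(`${head}.${body}`), key);
  return `${head}.${body}.${b64u(sig)}`;
}

const demoNow = Math.floor(Date.now() / 1000);
const demoToken = mintToken({ sid: 's1', sub: 'u1', iss: ISSUER, aud: APP_ID, iat: demoNow, exp: demoNow + 1800 });
console.log(verifyAccessToken(demoToken, publicKey));
```

Only after `ok` is true should the server read `claims.sub` or `claims.sid` to identify the user and session.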