Authorization

When a user logs in to your app and becomes authenticated, SocialLive issues the user an app access token. This token is signed by SocialLive and cannot be spoofed.

When your frontend makes a request to your backend, you should include the current user's access token in the request. This allows your server to determine whether the requesting user is truly authenticated or not.

Access token format

SocialLive access tokens are JSON Web Tokens (JWT), signed with the EdDSA algorithm. These JWTs include certain information about the user in its claims, namely:

sid is the user’s current session ID
sub is the user’s SocialLive ID
iss is the token issuer, which should always be auth.social.live
aud is your SocialLive app ID
iat is the timestamp of when the JWT was issued
exp is the timestamp of when the JWT will expire and is no longer valid. This is generally 30 minutes after the JWT was issued.

PreviousAuthentication

Last updated 27 days ago