Commit 6c2dc5a

Sync documentation updates
1 parent b9eb62d commit 6c2dc5a

2 files changed

Lines changed: 3 additions & 0 deletions

docs/code-examples/concepts/jwt.ts

Lines changed: 2 additions & 0 deletions
@@ -124,6 +124,8 @@ const jwks = jose.createRemoteJWKSet(
124124
new URL('https://api.stack-auth.com/api/v1/projects/YOUR_PROJECT_ID/.well-known/jwks.json?include_anonymous=true&include_restricted=true')
125125
);
126126
127+
// Restricted (non-anonymous) users use the same issuer as regular users,
128+
// so only two issuers are needed even though there are three audiences
127129
const { payload } = await jose.jwtVerify(token, jwks, {
128130
issuer: [
129131
'https://api.stack-auth.com/api/v1/projects/YOUR_PROJECT_ID',
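
Review bot: The new comment above the `jose.jwtVerify` call says restricted users share the regular issuer and mentions "three audiences", but it never says which check then separates a restricted token from a regular one. The JWKS URL opts in with `include_restricted=true` and the `issuer` list cannot tell the two apart, so a reader copying this example may accept restricted users without intending to. Suggest extending the comment to say that the audience check (or the `is_restricted` claim) is what excludes them, and rewording "Restricted (non-anonymous) users", since the parenthetical reads like a definition of "restricted" rather than a qualifier.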

docs/content/docs/(guides)/concepts/jwt.mdx

Lines changed: 1 addition & 0 deletions
@@ -86,6 +86,7 @@ Anonymous user tokens have the same shape, but:
8686

8787
Restricted user tokens (e.g., users who haven't verified their email when verification is required) have:
8888

89+
- `iss` remains unchanged (same as regular users)
8990
- `aud` becomes `<project-id>:restricted`
9091
- `is_restricted` is `true`
9192
- `restricted_reason` is `{ "type": "email_not_verified" }`
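
Review bot: In the added `iss` bullet, "remains unchanged" has no clear baseline: the hunk header shows the preceding list is the anonymous-token one ("Anonymous user tokens have the same shape, but:"), so the bullet can be read as unchanged relative to anonymous tokens. Suggest "`iss` is the same as for regular users", and consider a sentence after the list stating that verifiers must use `aud` or `is_restricted`, not `iss`, to tell restricted tokens from regular ones.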
