Skip to main content

Custom Verifiers

You can use your own login providers with Torus, using one of the custom login schemes (either via RSA or ECDSA signatures). This way, your users can still use your existing login provider, with CustomAuth. The application should follow the JWT specification and use JWKS for signing whose public keys are exposed by an endpoint.

Head over to developer dashboard to get started with creating a custom verifier.

To create a custom verifier, you'll need

  1. JWT Verifier ID
  2. JWK Endpoint
  3. JWT Validations

JWT Verifier ID#

JWT Verifier ID is the unique identifier to publicly represent a user on a verifier.

e.g: email, sub etc.

JWK Endpoint#

An endpoint containing the JWKS used for signing.

Output of jwk endpoint should contain same fields as the example given below.

{  "keys": [    {      "kty": "RSA",      "e": "AQAB",      "use": "sig",      "kid": "1bb9605c36e98e30117a69517569386830202b2d",      "n": "pAbfKmQ1ljT6yZcrdxaJxqsB7EupbBFcCLiMzmuFQMuk3y_g-vVPR8ZwTJbalwBxD-vUPmxmZAVok_iNthw1mnW0POg3kEwtl1qambgNKlaTeO8S3D-KGlUNV6bU-JXbyquds7v8bQjmIQ5oXhwIQt6x55bEyZTOCQDl3ZHy1XxeBWFyiPUXXnqkO51EFeVNiMi8Ihue16UY_lIizhivl2C_UwJ0Ymx9eWJ-nefPBo7Lr_fIxh81NaLMB6t5L8123RSIaaIcR_r1H_ZbEe9VNTfnGdYS3A0u-pNS_bm5jRSBo1qt01OFu0xEsjcO7-NESTBr8w8SUqGK86tg9oQz5w",      "alg": "RS256"    },    {      "kty": "RSA",      "e": "AQAB",      "alg": "RS256",      "kid": "c53624af1600da79f31f0314f205d4f37ad6e246",      "use": "sig",      "n": "sinuWOLB7u0NoJ5Cy92AUqC7clH0ErjTjrI_b_dBbndg0rrFZryKfbvH4ncZW_yQ9izl2mjLsjsBzVwAyzWIn83QRhTtisdV7k9AkhSGdNu-cG_qPkedhqFPIn_uyBnVpxksp8clMRALetdHncUqcTfhIpngQp_JxFHle0fNsylU510fH-iZfphLO9mMpq6eB5QGynttgpdsLxLuXe1CffNQya0pmtLkU4ATfVdXV_bMqzRxxbDOnzIaLjzUJdsMuScCTjQX93xdfzEu-Vk6zOpdkrBRUuopgAX1e8NPQz150XEOTInkh0Mfhw0t1GeB7zbbjYJDmCgYTIW1g4teBw"    }  ]}

JWT Validations#

These are the claims against which a JWT is validated.

  • Token Audience ( aud ):

The audience is your verifier's Applicaiton ID, assigned to your verifier on torus-network. The aud value is a case-sensitive string containing a StringOrURI value. Use of this claim is MANDATORY.

  • Token Issuer ( iss ):

The issuing authority of the token. The iss value is a case-sensitive string containing a StringOrURI value. Use of this claim is OPTIONAL.

You can add upto 3 validations; including any custom claims like email_verified etc.

Note: Your jwt token payload data must contain iat field.