Authgear
HomeGet Started
Search…
Authgear Docs
Get Started
Choose your authentication approach
Web SDK
React Native SDK
Flutter SDK
Xamarin SDK
Android SDK
iOS SDK
Backend Integration
Validate JWT in your application server
Forward Authentication to Authgear Resolver Endpoint
Strategies
User, Identity and Authenticator
Social & Enterprise Identity Providers
Biometric login
Anonymous Users
Integrate
Using SDK to call your application server
User Settings
User Profile
Reauthentication
How Authgear integrate with your applications
Single Sign-on on mobile devices
Force authentication on app launch
Account Deletion
Customize
Privacy Policy & Terms of Service Links
Branding in Auth UI
Custom domain
Custom Email Provider
Customer Support Link
Localization & UI Text
APIs
API for Client Applications (OIDC 2.0)
Admin APIs
Webhooks
Webhooks
Client App SDKs
Javascript SDK Reference
iOS SDK Reference
Android SDK Reference
Flutter SDK Reference
Xamarin SDK Reference
Deploy on your Cloud
Running locally with Docker
Deploy with Helm chart
Authenticating HTTP request with Nginx
Configurations
Security Concerns
Non-HTTP scheme redirect URI
tutorials
Single-Page App
Local Development Setup
Powered By GitBook
Backend Integration
Decide how your backend application server authenticate the incoming HTTP requests.
For Mobile App or Single Page Web App or Website, each request from the client to your application server should contain an access token or a cookie. Your backend server should validate them for each HTTP request.
There are two approaches to verify the requests, validate JWT in the your server or forward to Authgear Resolver Endpoint.
Validate JSON Web Token (JWT) in your application server
This approach is only available for Token-based authentication.
With the Issue JWT as access token option turned on in your application, Authgear will issue JWT as access tokens. The incoming HTTP requests should include the access token in their Authorization headers. Without setting the reverse proxy, your backend server can use your Authgear JWKS to verify the request and decode user information from the JWT access token.
Forward Authentication to Authgear Resolver Endpoint
This approach is available for both Token-based and Cookie-based authentication.
The recommended but more complicated approach is to forward each incoming HTTP request to the Authgear Resolver Endpoint to verify the access token or cookie.
You can forward the requests without the request body to the resolver endpoint. Authgear will look at the Authorization and Cookie in the HTTP header, verify the token, and respond HTTP 200 with X-Authgear- headers for session validity, the user id...etc.
If you use a popular reverse proxy on your deployment, such as NGINX, Traefik, etc, you can configure it with a few simple lines of forward auth config. Your backend should read the returned headers to determine the identity of the user of the HTTP request.

Comparison

​
Validate JSON Web Token (JWT) in your application server
Forward Authentication to Authgear Resolver Endpoint
Reliability
Medium JWT only updates when expire. That means before the token expiry, your application may see the user is valid even they has been disabled
High Update near real-time, based on your reserve proxy cache setting
Integration difficulties
Easy You only need to add code in your application to validate and decode JWT
Medium Need to setup extra reverse proxy to resolve authentication information

Setup guides

Validate JSON Web Token (JWT) in your application server
Forward authentication with Authgear Resolver Endpoint
Get Started - Previous
iOS SDK
Next
Validate JWT in your application server
Last modified 11mo ago
Copy link
Contents
Comparison
Setup guides