JWT Payload

πŸ“˜

The JWT Update

The fields below are going to be released in mid-September. See below for the current, but soon to be deprecated, fields.

When an end user connects their wallet, you, the developer, get a JSON Web Token (JWT) that can be used to verify some claims about the end user, notably a proof of ownership over a wallet public address.

After authenticating the JWT token, see Server-side verification, you may want to leverage user and wallet information provided in the JWT. Below we have the content defined with the aim of following the JWT standards.

Standard JWT claims:

See: https://www.rfc-editor.org/rfc/rfc7519#section-4.1

FieldDescription
audAudience for the JWT token. This claim shows what domain of the indended audience of the JWT.
issIssuer of the JWT token. This claim shows app.dynamic.xyz generated and issued the JWT.
subSubject of the JWT token. userId in the deprecated info claim.
iatTimestamp when the JWT token was issued.
expTimestamp when the JWT token will expire.

Dynamic-specific claims:

These fields are optional and you depends on whether you want to collect this information during onboarding. For more information about collecting this information, see here.

aliasAlias field from customer information capture.
emailEmail field from customer information capture.
environment_idUnique ID of the project environment for the SDK, from https://app.dynamic.xyz/dashboard/api. environmentId in the deprecated info claim.
given_nameFirst name field from customer information capture. firstName in the deprecated info claim.
family_nameLast name field from customer information capture. lastName in the deprecated info claim.
listsNames of access lists enabled for this user.
blockchain_accountsList of all blockchain accounts connected to this user.
verified_accountIf present, this was the most recently signed and verified wallet blockchain account.

Blockchain account

FieldDescription
addressPublic address of the wallet. walletPublicKey in deprecated info claim.
chainCAIP-2 valid chain namespace. Example: eip155.
idInternal ID of the wallet in Dynamic.
wallet_nameName of the wallet used to connect. wallet in deprecated info claim.

Example

{
  "alias": "paolo",
  "aud": "https://dashboard.hello.xyz",
  "blockchain_accounts": [
    {
      "address": "0x000123abc",
      "chain": "eip155",
      "id": "af615228-99e5-48ee-905d-4575f0a6bfc9",
      "wallet_name": "metamask"
    }
  ],
  "email": "[email protected]",
  "environment_id": "fb6dd9d1-09f5-43c3-8a8c-eab6e44c37f9",
  "family_name": "lim",
  "given_name": "paolo",
  "iss": "app.dynamic.xyz/fb6dd9d1-09f5-43c3-8a8c-eab6e44c37f9",
  "lists": [ "Community dashboard acess list" ],
  "sub": "d261ee91-8ea0-4949-b8bb-b6ab4f712a49",
  "verified_account": {
    "address": "0x000123abc",
    "chain": "eip155",
    "id": "af615228-99e5-48ee-905d-4575f0a6bfc9",
    "wallet_name": "metamask"
  },
  "iat": 1660677597,
  "exp": 1660684797
}

Current JWT ('soon to be deprecated)

The info claim and the fields within will soon be deprecated for the JWT structure and nomenclature listed above.

FieldDescription
info.aliasAlias field from customer information capture
info.chainBlockchain for the wallet used to connect to the environment. Valid values: ETH, SOL, EVM, FLOW
info.emailEmail field from customer information capture
info.environmentIdTimestamp when the JWT token was issued.
info.firstNameTimestamp when the JWT token will expire.
info.lastNameLast name field from customer information capture
info.listsNames of access lists enabled for this user
info.userIdUnique ID of the use for this project environment
info.walletName of the wallet used to connect
info.walletPublicKeyAddress of the wallet used to connect

What’s Next
Did this page help you?