Skip to main content
Bring Your Own Auth (BYOA) is an enterprise feature. Contact us in Slack or at [email protected] to enable it.
If you already issue your own JWTs (e.g. from Auth0, Firebase Auth, Supabase, or your own backend), you can exchange that JWT for a Dynamic session. After sign-in, the user behaves like any other Dynamic user — with access to wallets, user management, and the rest of the SDK. For concepts and configuration, see Bring Your Own Auth.

Prerequisites

Usage

Call signInWithExternalJwt with the JWT issued by your auth provider. Dynamic verifies the signature against your configured JWKS URL, validates the claims, and establishes a session. 
import { signInWithExternalJwt } from '@dynamic-labs-sdk/client';

const signIn = async (externalJwt, externalUserId) => {
  try {
    await signInWithExternalJwt({
      externalJwt,
      externalUserId,
    });

  } catch (e) {
    console.error('Dynamic sign-in failed:', e);
  }
};

Parameters

ParameterTypeRequiredDescription
externalJwtstringYesThe raw encoded JWT issued by your authentication provider.
externalUserIdstringYesThe user ID in your authentication system. Must match the sub claim in the JWT — Dynamic derives the stored external user ID from the JWT server-side.