Skip to main content

How authentication is performed (Client / end-user ↔ Dynamic)

When using Dynamic as the auth provider, authentication happens between the end-user (via the Dynamic SDK in your app) and Dynamic’s backend. Your server is not involved in the authentication step itself.
  1. The user initiates sign-in through the Dynamic SDK embedded in your app.
  2. The SDK sends the authentication data to Dynamic’s backend (e.g. the signed message, OTP code, or OAuth callback data).
  3. Dynamic verifies the credential and, if access control passes, issues a JWT.
  4. The SDK stores the JWT (in a cookie or in-app storage), builds the user object, and the user is authenticated.
For auth methods and SDK links, see Auth methods. For using the JWT to protect your backend, see Protecting your servers.