Skip to content

Third-party auth

If you plan to use Privy with a third-party authentication provider like Auth0, Stytch, or Firebase, use the Third-Party auth page of the dashboard to register the required information from your provider. Otherwise, skip this guide!


Don't see the Third-Party Auth page in the Dashboard? Please request access to this feature via the Plugins page.

JWT Verification Details

To verify your user's auth status, Privy requires a verification key to ensure the JWTs received by Privy are valid. You must provide one of the following:

  • JWKS Endpoint: If your provider uses JWKS to sign JWTs, provide a JWKS endpoint to allow Privy to get your auth provider's JWT public key.
  • Public Verification Key: If your provider uses a single key to sign JWTs, provide the corresponding public key certificate used for verification.

For Auth0, you can follow these instructions to get these details.

JWT ID Claim

Enter the claim from your user's JWT that contains the user's unique ID. In most access tokens and identity tokens, this is the sub claim.

JWT aud Claim (Optional)

aud accepts multiple values. If any of the aud values in the JWT are included in the set of allowed aud values, the JWT will be successfully verified.

Why does Privy need this information?

When a user logs into your app, your auth provider issues them an access and/or an identity token to represent their auth status. To provision your user's embedded wallet, Privy must validate this token to authenticate your user. Privy will verify both the token's signature and its expiration time (exp claim).