Backend Integration
C++
Learn how to use Corbado in your C++ application even without an official C++ SDK.
Currently, there is no official SDK support for Corbado. This page explains how to use Corbado even without an official SDK.
If you need support or think we should increase the internal priority of the SDK please send us an email or send us a message in Slack.
You need to take care of the following steps:
See a list of all available generators and their specific options for different languages and frameworks at https://openapi-generator.tech/docs/generators.
To verify if a user is logged in your application needs to verify the session-token (represented as JWT). Corbado utilizes the RS256 algorithm (see JWT security for more details) for its JWTs.
To obtain the public keys required for verifying the JWT signature, you need to retrieve the JWKS (JSON Web Key Set). The JWKS is located at the Frontend API URL:
OpenAPI client generation
To simplify the integration of Corbado into your application, you can autogenerate a client/SDK. Since the Corbado Backend API follows the API standard OpenAPI (version 3.0.3), this is quite easy:- Download the official OpenAPI specification
- Take an OpenAPI generator, for example OpenAPI Generator
- Generate the client/SDK for and start using it in your application
Session handling
To fully understand the following section, make yourself familiar with the Corbado session management!
https://<projectID>.frontendapi.cloud.corbado.io/.well-known/jwks
For example for project ID pro-771306541694234650:
https://pro-771306541694234650.frontendapi.cloud.corbado.io/.well-known/jwks
Besides verifying the signature you need to check the following JWT claims:
| Claim | Description | Check |
|---|---|---|
| exp | Expiration Time | Must be in future |
| nbf | Not Before | Must be in past |
| iss | Issuer | Must be Frontend API URL (or CNAME if set) |
Make sure your JWT library supports JWKS caching, otherwise each JWT verification will result in an HTTP request to fetch the JWKS!