OpenAPI client generation
To simplify the integration of Corbado into your application, you can autogenerate a client/SDK. Since the Corbado Backend API follows the API standard OpenAPI (version 3.0.3), this is quite easy:- Download the official OpenAPI specification
- Take an OpenAPI generator, for example OpenAPI Generator
- Generate the client/SDK for and start using it in your application
Session handling
To fully understand the following section, make yourself familiar with the Corbado session management!
https://<projectID>.frontendapi.cloud.corbado.io/.well-known/jwks
For example for project ID pro-771306541694234650
:
https://pro-771306541694234650.frontendapi.cloud.corbado.io/.well-known/jwks
Besides verifying the signature you need to check the following JWT claims:
Claim | Description | Check |
---|---|---|
exp | Expiration Time | Must be in future |
nbf | Not Before | Must be in past |
iss | Issuer | Must be Frontend API URL (or CNAME if set) |
Make sure your JWT library supports JWKS caching, otherwise each JWT verification will result in an HTTP request to fetch the JWKS!