The following steps outline how to connect your own session management with Corbado session management:

1

User logs in to your application

The user logs into your application using our UI Components.

2

Corbado backend creates session-token

Upon successful login, the Corbado Frontend API responds with a session-token.

3

Request a session from your application

After receiving the Corbado session-token, the user sends a request to your backend including the Corbado session-token either as a cookie or in an authorization header.

4

Validate the Corbado session-token in your backend

Your backend must verify that the Corbado session-token is authentic. This can be done either with a dedicated Corbado backend SDK or manually using our JWKS.

5

Create your own session

After confirming that the Corbado session-token is authentic, you can create your own session in the backend. Then, send your session to the user.

6

Store and use your own session

After the user receives your session, they can store it in any way you prefer (e.g. cookie or localStorage). Moving forward, it’s up to you how to handle your own session and what properties it should have.
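
Steps 4 and 5 done manually in Node.js, as an added example that is not Corbado SDK code or code from the original page. It assumes the session-token is an RS256-signed JWT with a `kid` header and standard `sub`, `iss` and `exp` claims; the function names, the in-memory store, the issuer URL and the sample key pair are hypothetical, and in production `jwks` is the document fetched from your project's JWKS endpoint.

```javascript
const nodeCrypto = require('node:crypto');
const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Step 4: validate the session-token against a parsed JWKS document ({ keys: [...] }).
function verifySessionToken(token, jwks, { issuer, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = decodeJson(h);
  // Pin the algorithm: the token header must never choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown kid');
  const key = nodeCrypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const signed = Buffer.from(`${h}.${p}`);
  if (!nodeCrypto.verify('sha256', signed, key, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }
  // Only read claims after the signature has been checked.
  const claims = decodeJson(p);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  if (claims.iss !== issuer) throw new Error('unexpected issuer');
  return claims;
}

// Step 5: create your own session under an opaque random ID (in-memory store for the demo).
const sessions = new Map();
function createOwnSession(claims, ttlSeconds = 3600, now = Date.now() / 1000) {
  const id = nodeCrypto.randomBytes(32).toString('base64url');
  sessions.set(id, { userId: claims.sub, expiresAt: now + ttlSeconds });
  return id;
}

// Constructed sample: a throwaway key pair stands in for the real signing key.
function makeSample(claims, headerOverrides = {}) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const header = { alg: 'RS256', typ: 'JWT', kid: 'demo-key', ...headerOverrides };
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url');
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key' }] };
  return { token: `${input}.${sig}`, jwks };
}

const demoIssuer = 'https://auth.example.test'; // constructed value
const demo = makeSample({ sub: 'usr-123', iss: demoIssuer, exp: Math.floor(Date.now() / 1000) + 300 });
const demoSessionId = createOwnSession(verifySessionToken(demo.token, demo.jwks, { issuer: demoIssuer }));
console.log('own session created:', demoSessionId, sessions.get(demoSessionId));
```

Your own session ID is what step 6 sends back to the user; the Corbado session-token itself does not need to be stored in your session.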