from stytch import Client
client = Client(
project_id="project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
secret="secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=",
)
resp = client.sessions.authenticate_jwt(
session_jwt="eyJ...",
)
print(resp)
const stytch = require('stytch');
const client = new stytch.Client({
project_id: 'project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da',
secret: 'secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=',
});
const params = {
session_jwt: 'eyJ...',
};
client.sessions
.authenticateJwt(params)
.then((resp) => {
console.log(resp);
})
.catch((err) => {
console.log(err);
});
package main
import (
"context"
"log"
"github.com/stytchauth/stytch-go/v9/stytch/consumer/stytchapi"
"github.com/stytchauth/stytch-go/v9/stytch/consumer/sessions"
)
func main() {
client, err := stytchapi.NewClient(
"project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
"secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=",
)
if err != nil {
log.Fatalf("error instantiating API client %s", err)
}
resp, err := client.Sessions.AuthenticateJWT(
context.Background(),
&sessions.AuthenticateParams{
SessionJWT: "eyJ...",
},
)
if err != nil {
log.Println(err)
}
log.Println(resp)
}
require 'stytch'
client = Stytch::Client.new(
project_id: "project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
secret: "secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM="
)
resp = client.sessions.authenticate_jwt(
session_jwt: "eyJ..."
)
puts resp
# This is an SDK method that doesn't directly hit an API endpoint unless the JWT is expired.
# It's only available via our backend SDKs.
{
"session": {
"attributes": {
"ip_address": "203.0.113.1",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
},
"authentication_factors": [
{
"delivery_method": "email",
"email_factor": {
"email_address": "sandbox@stytch.com",
"email_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953"
},
"last_authenticated_at": "2021-08-09T07:41:52Z",
"created_at": "2021-08-09T07:41:52Z",
"updated_at": "2021-08-09T07:41:52Z",
"type": "magic_link"
}
],
"custom_claims": {
"claim1": "value1",
"claim2": "value2",
},
"expires_at": "2021-08-10T07:41:52Z",
"last_accessed_at": "2021-08-09T07:41:52Z",
"session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509",
"started_at": "2021-08-09T07:41:52Z",
"user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
},
"session_jwt": "example_jwt",
}
{
"status_code": 200,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"session": {
"attributes": {
"ip_address": "203.0.113.1",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
},
"authentication_factors": [
{
"delivery_method": "email",
"email_factor": {
"email_address": "sandbox@stytch.com",
"email_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953"
},
"last_authenticated_at": "2021-08-09T07:41:52Z",
"created_at": "2021-08-09T07:41:52Z",
"updated_at": "2021-08-09T07:41:52Z",
"type": "magic_link"
}
],
"custom_claims": {
"claim1": "value1",
"claim2": "value2",
},
"expires_at": "2021-08-10T07:41:52Z",
"last_accessed_at": "2021-08-09T07:41:52Z",
"session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509",
"started_at": "2021-08-09T07:41:52Z",
"user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
},
"session_jwt": "example_jwt",
"session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
"user": {...},
"verdict": {...},
}
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_credentials",
"error_message": "Unauthorized credentials.",
"error_url": "https://stytch.com/docs/api/errors/401"
}
{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}
{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}
from stytch import Client
client = Client(
project_id="project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
secret="secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=",
)
resp = client.sessions.authenticate_jwt(
session_jwt="eyJ...",
)
print(resp)
const stytch = require('stytch');
const client = new stytch.Client({
project_id: 'project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da',
secret: 'secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=',
});
const params = {
session_jwt: 'eyJ...',
};
client.sessions
.authenticateJwt(params)
.then((resp) => {
console.log(resp);
})
.catch((err) => {
console.log(err);
});
package main
import (
"context"
"log"
"github.com/stytchauth/stytch-go/v9/stytch/consumer/stytchapi"
"github.com/stytchauth/stytch-go/v9/stytch/consumer/sessions"
)
func main() {
client, err := stytchapi.NewClient(
"project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
"secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=",
)
if err != nil {
log.Fatalf("error instantiating API client %s", err)
}
resp, err := client.Sessions.AuthenticateJWT(
context.Background(),
&sessions.AuthenticateParams{
SessionJWT: "eyJ...",
},
)
if err != nil {
log.Println(err)
}
log.Println(resp)
}
require 'stytch'
client = Stytch::Client.new(
project_id: "project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
secret: "secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM="
)
resp = client.sessions.authenticate_jwt(
session_jwt: "eyJ..."
)
puts resp
# This is an SDK method that doesn't directly hit an API endpoint unless the JWT is expired.
# It's only available via our backend SDKs.
{
"session": {
"attributes": {
"ip_address": "203.0.113.1",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
},
"authentication_factors": [
{
"delivery_method": "email",
"email_factor": {
"email_address": "sandbox@stytch.com",
"email_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953"
},
"last_authenticated_at": "2021-08-09T07:41:52Z",
"created_at": "2021-08-09T07:41:52Z",
"updated_at": "2021-08-09T07:41:52Z",
"type": "magic_link"
}
],
"custom_claims": {
"claim1": "value1",
"claim2": "value2",
},
"expires_at": "2021-08-10T07:41:52Z",
"last_accessed_at": "2021-08-09T07:41:52Z",
"session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509",
"started_at": "2021-08-09T07:41:52Z",
"user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
},
"session_jwt": "example_jwt",
}
{
"status_code": 200,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"session": {
"attributes": {
"ip_address": "203.0.113.1",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
},
"authentication_factors": [
{
"delivery_method": "email",
"email_factor": {
"email_address": "sandbox@stytch.com",
"email_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953"
},
"last_authenticated_at": "2021-08-09T07:41:52Z",
"created_at": "2021-08-09T07:41:52Z",
"updated_at": "2021-08-09T07:41:52Z",
"type": "magic_link"
}
],
"custom_claims": {
"claim1": "value1",
"claim2": "value2",
},
"expires_at": "2021-08-10T07:41:52Z",
"last_accessed_at": "2021-08-09T07:41:52Z",
"session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509",
"started_at": "2021-08-09T07:41:52Z",
"user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
},
"session_jwt": "example_jwt",
"session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
"user": {...},
"verdict": {...},
}
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_credentials",
"error_message": "Unauthorized credentials.",
"error_url": "https://stytch.com/docs/api/errors/401"
}
{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}
{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}
Session Management
Authenticate JWT
Authenticate a session using a JSON Web Token (JWT)
from stytch import Client
client = Client(
project_id="project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
secret="secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=",
)
resp = client.sessions.authenticate_jwt(
session_jwt="eyJ...",
)
print(resp)
const stytch = require('stytch');
const client = new stytch.Client({
project_id: 'project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da',
secret: 'secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=',
});
const params = {
session_jwt: 'eyJ...',
};
client.sessions
.authenticateJwt(params)
.then((resp) => {
console.log(resp);
})
.catch((err) => {
console.log(err);
});
package main
import (
"context"
"log"
"github.com/stytchauth/stytch-go/v9/stytch/consumer/stytchapi"
"github.com/stytchauth/stytch-go/v9/stytch/consumer/sessions"
)
func main() {
client, err := stytchapi.NewClient(
"project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
"secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=",
)
if err != nil {
log.Fatalf("error instantiating API client %s", err)
}
resp, err := client.Sessions.AuthenticateJWT(
context.Background(),
&sessions.AuthenticateParams{
SessionJWT: "eyJ...",
},
)
if err != nil {
log.Println(err)
}
log.Println(resp)
}
require 'stytch'
client = Stytch::Client.new(
project_id: "project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
secret: "secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM="
)
resp = client.sessions.authenticate_jwt(
session_jwt: "eyJ..."
)
puts resp
# This is an SDK method that doesn't directly hit an API endpoint unless the JWT is expired.
# It's only available via our backend SDKs.
{
"session": {
"attributes": {
"ip_address": "203.0.113.1",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
},
"authentication_factors": [
{
"delivery_method": "email",
"email_factor": {
"email_address": "sandbox@stytch.com",
"email_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953"
},
"last_authenticated_at": "2021-08-09T07:41:52Z",
"created_at": "2021-08-09T07:41:52Z",
"updated_at": "2021-08-09T07:41:52Z",
"type": "magic_link"
}
],
"custom_claims": {
"claim1": "value1",
"claim2": "value2",
},
"expires_at": "2021-08-10T07:41:52Z",
"last_accessed_at": "2021-08-09T07:41:52Z",
"session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509",
"started_at": "2021-08-09T07:41:52Z",
"user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
},
"session_jwt": "example_jwt",
}
{
"status_code": 200,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"session": {
"attributes": {
"ip_address": "203.0.113.1",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
},
"authentication_factors": [
{
"delivery_method": "email",
"email_factor": {
"email_address": "sandbox@stytch.com",
"email_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953"
},
"last_authenticated_at": "2021-08-09T07:41:52Z",
"created_at": "2021-08-09T07:41:52Z",
"updated_at": "2021-08-09T07:41:52Z",
"type": "magic_link"
}
],
"custom_claims": {
"claim1": "value1",
"claim2": "value2",
},
"expires_at": "2021-08-10T07:41:52Z",
"last_accessed_at": "2021-08-09T07:41:52Z",
"session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509",
"started_at": "2021-08-09T07:41:52Z",
"user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
},
"session_jwt": "example_jwt",
"session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
"user": {...},
"verdict": {...},
}
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_credentials",
"error_message": "Unauthorized credentials.",
"error_url": "https://stytch.com/docs/api/errors/401"
}
{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}
{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}
from stytch import Client
client = Client(
project_id="project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
secret="secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=",
)
resp = client.sessions.authenticate_jwt(
session_jwt="eyJ...",
)
print(resp)
const stytch = require('stytch');
const client = new stytch.Client({
project_id: 'project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da',
secret: 'secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=',
});
const params = {
session_jwt: 'eyJ...',
};
client.sessions
.authenticateJwt(params)
.then((resp) => {
console.log(resp);
})
.catch((err) => {
console.log(err);
});
package main
import (
"context"
"log"
"github.com/stytchauth/stytch-go/v9/stytch/consumer/stytchapi"
"github.com/stytchauth/stytch-go/v9/stytch/consumer/sessions"
)
func main() {
client, err := stytchapi.NewClient(
"project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
"secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=",
)
if err != nil {
log.Fatalf("error instantiating API client %s", err)
}
resp, err := client.Sessions.AuthenticateJWT(
context.Background(),
&sessions.AuthenticateParams{
SessionJWT: "eyJ...",
},
)
if err != nil {
log.Println(err)
}
log.Println(resp)
}
require 'stytch'
client = Stytch::Client.new(
project_id: "project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
secret: "secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM="
)
resp = client.sessions.authenticate_jwt(
session_jwt: "eyJ..."
)
puts resp
# This is an SDK method that doesn't directly hit an API endpoint unless the JWT is expired.
# It's only available via our backend SDKs.
{
"session": {
"attributes": {
"ip_address": "203.0.113.1",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
},
"authentication_factors": [
{
"delivery_method": "email",
"email_factor": {
"email_address": "sandbox@stytch.com",
"email_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953"
},
"last_authenticated_at": "2021-08-09T07:41:52Z",
"created_at": "2021-08-09T07:41:52Z",
"updated_at": "2021-08-09T07:41:52Z",
"type": "magic_link"
}
],
"custom_claims": {
"claim1": "value1",
"claim2": "value2",
},
"expires_at": "2021-08-10T07:41:52Z",
"last_accessed_at": "2021-08-09T07:41:52Z",
"session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509",
"started_at": "2021-08-09T07:41:52Z",
"user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
},
"session_jwt": "example_jwt",
}
{
"status_code": 200,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"session": {
"attributes": {
"ip_address": "203.0.113.1",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
},
"authentication_factors": [
{
"delivery_method": "email",
"email_factor": {
"email_address": "sandbox@stytch.com",
"email_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953"
},
"last_authenticated_at": "2021-08-09T07:41:52Z",
"created_at": "2021-08-09T07:41:52Z",
"updated_at": "2021-08-09T07:41:52Z",
"type": "magic_link"
}
],
"custom_claims": {
"claim1": "value1",
"claim2": "value2",
},
"expires_at": "2021-08-10T07:41:52Z",
"last_accessed_at": "2021-08-09T07:41:52Z",
"session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509",
"started_at": "2021-08-09T07:41:52Z",
"user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
},
"session_jwt": "example_jwt",
"session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
"user": {...},
"verdict": {...},
}
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_credentials",
"error_message": "Unauthorized credentials.",
"error_url": "https://stytch.com/docs/api/errors/401"
}
{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}
{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}
Given a Session , this method authenticates a Session and updates its lifetime by the specified
If you provide a JWT that needs to be refreshed and is expired according to its
session_duration_minutes. If session_duration_minutes is not specified, the Session will not be extended.
This method is only available when using our backend SDKs.If you are not using one of our backend SDKs, please use the Authenticate Session endpoint instead.
exp claim, a new JWT will be returned if both the signature and the underlying Session are still valid. See our JWT guides for more information.
If the JWT is older than max_token_age_seconds or if the JWT is expired, this method will communicate with the Stytch API to authenticate the session. Otherwise, the JWT will be validated locally.
Local JWT validation
If you do not provide amax_token_age_seconds parameter, then the authenticateJwt method will only communicate with the Stytch API if the JWT is expired (Stytch JWTs have an exp of five minutes). Specifying a max_token_age_seconds parameter of less than five minutes is one way to reduce security risks inherent to local JWT validation by forcing communication with the Stytch API more frequently.
We recommend relying primarily on this method over the authenticateSession method, as it handles the local JWT validation vs. remote session authentication logic for you, improving latency when the JWT is less than max_token_age_seconds old and authenticating the underlying session with Stytch when necessary.
Request Parameters
The Session JWT to authenticate.
If an
authorization_check object is passed in, this endpoint will also check if the User is authorized to perform the given action on the given Resource. A User is authorized if they are assigned a Role with adequate permissions.If the User is not authorized to perform the specified action on the specified Resource, a 403 error will be thrown. Otherwise, the response will contain a list of Roles that satisfied the authorization check.If included, this method will also check if the User is authorized to perform the given action on the given Resource. A User is authorized if they are assigned a Role with adequate permissions.
Show properties
Show properties
A unique identifier of the RBAC Resource, provided by the developer and intended to be human-readable.A
resource_id is not allowed to start with stytch, which is a special prefix used for Stytch default Resources with reserved resource_ids.An action to take on a Resource.
If set, remote verification will be forced if the JWT was issued more than that many seconds ago (based on the
iat claim).Response
The Session object associated with the authenticated JWT.
Show properties
Show properties
A unique identifier for a specific Session.
The unique ID of the affected User.
An array of different authentication factors that comprise a Session.
The timestamp when the Session was created. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.
The timestamp when the Session was last accessed. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.
The timestamp when the Session expires. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.
The custom claims map for a Session. Claims can be added to a session during a Sessions authenticate call.
A list of the roles associated with the session.
A new JWT for the authenticated Session.
An opaque Session token for the authenticated Session.Will only be returned when remote JWT authentication occurs.
The User object associated with the authenticated Session. See the User object for complete response field details.Will only be returned when remote JWT authentication occurs.
Show properties
Show properties
The timestamp of the User’s creation. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.
An array contains a list of all crypto wallets for a given User in the Stytch API.
Show properties
Show properties
The unique ID for a crypto wallet
The actual blockchain address of the User’s crypto wallet.
The blockchain that the User’s crypto wallet operates on, e.g. Ethereum, Solana, etc.
If this method has been successfully authenticated by the User.
The trusted_metadata field contains an arbitrary JSON object of application-specific data. See the Metadata reference for complete field behavior details.
The untrusted_metadata field contains an arbitrary JSON object of application-specific data. Untrusted metadata can be edited by end users directly via the SDK, and cannot be used to store critical information. See the Metadata reference for complete field behavior details.
An array of OAuth provider objects linked to the User.
Show properties
Show properties
The unique ID for an OAuth registration.
The unique identifier for the User within a given OAuth provider. Also commonly called the “sub” or “Subject field” in OAuth protocols.
Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Facebook, GitHub etc.
If available, the profile_picture_url is a url of the User’s profile picture set in OAuth identity the provider that the User has authenticated with, e.g. Facebook profile picture.
If available, the locale is the User’s locale set in the OAuth identity provider that the user has authenticated with.
The status of the User. The possible values are
pending and active.The unique ID of the affected User.
An array that contains a list of all Passkey or WebAuthn registrations for a given User in the Stytch API.
Show properties
Show properties
The unique ID for the Passkey or WebAuthn registration.
The domain on which Passkey or WebAuthn registration was started. This will be the domain of your app.
The user agent of the User.
The authenticator_type string displays the requested authenticator type of the Passkey or WebAuthn device. The two valid types are “platform” and “cross-platform”. If no value is present, the Passkey or WebAuthn device was created without an authenticator type preference.
If this method has been successfully authenticated by the User.
The name of the Passkey or WebAuthn registration.
Roles assigned to this User. See the RBAC guide for more information about role assignment.
If an
authorization_check is provided in the request and the check succeeds, this field will return information about why the User was granted permission.Show properties
Show properties
Whether the User was authorized to perform the specified action on the specified Resource. Always true if the request succeeds.
The complete list of Roles that gave the User permission to perform the specified action on the specified Resource.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values
equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we
may ask for this value to help identify a specific API call when helping you debug an issue.
⌘I