from stytch import Client

# Project credentials; in a real deployment load the secret from a secrets
# manager or environment variable rather than embedding it in source.
client = Client(
  project_id="project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da",
  secret="secret-test-IJ7zLTgXp8xoS7yXO2xavNxZTbYfvm-2nZM=",
)

# Authenticate the Session JWT presented by the caller. Without
# max_token_age_seconds the JWT is validated locally until its exp passes.
resp = client.sessions.authenticate_jwt(
  session_jwt="eyJ...",
)

print(resp)
{
  "session": {
    "attributes": {
      "ip_address": "203.0.113.1",
      "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
    },
    "authentication_factors": [
      {
        "delivery_method": "email",
        "email_factor": {
          "email_address": "sandbox@stytch.com",
          "email_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953"
        },
        "last_authenticated_at": "2021-08-09T07:41:52Z",
        "created_at": "2021-08-09T07:41:52Z",
        "updated_at": "2021-08-09T07:41:52Z",
        "type": "magic_link"
      }
    ],
    "custom_claims": {
      "claim1": "value1",
      "claim2": "value2"
    },
    "expires_at": "2021-08-10T07:41:52Z",
    "last_accessed_at": "2021-08-09T07:41:52Z",
    "session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509",
    "started_at": "2021-08-09T07:41:52Z",
    "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6"
  },
  "session_jwt": "example_jwt"
}
Given a Session, this method authenticates the Session and updates its lifetime by the specified session_duration_minutes. If session_duration_minutes is not specified, the Session will not be extended.
This method is only available when using our backend SDKs. If you are not using one of our backend SDKs, please use the Authenticate Session endpoint instead.
If you provide a JWT that needs to be refreshed and is expired according to its exp claim, a new JWT will be returned if both the signature and the underlying Session are still valid. See our JWT guides for more information. If the JWT is older than max_token_age_seconds or if the JWT is expired, this method will communicate with the Stytch API to authenticate the session. Otherwise, the JWT will be validated locally.

Local JWT validation

If you do not provide a max_token_age_seconds parameter, then the authenticateJwt method will only communicate with the Stytch API if the JWT is expired (Stytch JWTs have an exp of five minutes). Specifying a max_token_age_seconds parameter of less than five minutes is one way to reduce security risks inherent to local JWT validation by forcing communication with the Stytch API more frequently. We recommend relying primarily on this method over the authenticateSession method, as it handles the local JWT validation vs. remote session authentication logic for you, improving latency when the JWT is less than max_token_age_seconds old and authenticating the underlying session with Stytch when necessary.
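The local-versus-remote decision described above, written out as an added example (this is not Stytch SDK code). It checks the signature first, then applies the two rules from the text: go remote when the exp claim has passed, or when the token was issued more than max_token_age_seconds ago according to iat; otherwise validate locally. Stytch signs session JWTs with its own keys published via JWKS; the HMAC-SHA256 key, the make_demo_jwt helper and the claim values here are constructed stand-ins so the example runs offline.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key: a stand-in for Stytch's signing keys so the example runs offline.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
STYTCH_JWT_LIFETIME_SECONDS = 300  # the five-minute exp the text describes


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    # Re-add the padding that JWT segments strip before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_demo_jwt(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Build a constructed HS256 token so the decision logic has something to inspect."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(signature)}"


def verify_signature(token: str, key: bytes = DEMO_KEY) -> dict:
    """Verify the signature in constant time and return the claims; raise on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header_b64, payload_b64, sig_b64 = parts
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def choose_verification(token: str, max_token_age_seconds: Optional[int], now: int) -> str:
    """Return "local" or "remote" following the rules in the text.

    Remote if exp has passed, or if iat is more than max_token_age_seconds ago;
    local otherwise. The signature is always checked first, so a tampered token
    is rejected outright instead of being forwarded to the API.
    """
    claims = verify_signature(token)
    if now >= claims["exp"]:
        return "remote"
    if max_token_age_seconds is not None and now - claims["iat"] > max_token_age_seconds:
        return "remote"
    return "local"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed "current time"
    token = make_demo_jwt({"iat": now - 60, "exp": now - 60 + STYTCH_JWT_LIFETIME_SECONDS})
    print(choose_verification(token, None, now))  # no max age: still within exp, so local
    print(choose_verification(token, 30, now))    # issued 60s ago > 30s max age, so remote
```

A small max_token_age_seconds (here 30) forces the remote path for a token that would otherwise pass locally, which is the tighter-revocation trade-off the text recommends for reducing the risk of purely local validation.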

Request Parameters

session_jwt
string
required
The Session JWT to authenticate.
authorization_check
object
If an authorization_check object is passed in, this endpoint will also check if the User is authorized to perform the given action on the given Resource. A User is authorized if they are assigned a Role with adequate permissions. If the User is not authorized to perform the specified action on the specified Resource, a 403 error will be thrown. Otherwise, the response will contain a list of Roles that satisfied the authorization check.
max_token_age_seconds
number
If set, remote verification will be forced if the JWT was issued more than that many seconds ago (based on the iat claim).

Response

session
object
required
The Session object associated with the authenticated JWT.
session_jwt
string
required
A new JWT for the authenticated Session.
session_token
string
An opaque Session token for the authenticated Session. Will only be returned when remote JWT authentication occurs.
user
object
The User object associated with the authenticated Session. Will only be returned when remote JWT authentication occurs.
verdict
object
If an authorization_check is provided in the request and the check succeeds, this field will return information about why the User was granted permission.
status_code
number
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
request_id
string
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.