Using AuthRocket with a Static Website

Q: Is it possible to use AuthRocket with a static website (no database)?


A: Sure. To do so, you’d want to use our LoginRocket feature for both logins and signups (unless you plan to pre-create all users directly through our management UI).

Then, you can use a Javascript JWT library to decode the login token. The decoded token includes some user info, like name and email, which you can then use on the site. Either decode the JWT in unverified mode, or use RS256 verification instead. (With the default, HS256, it is not safe to expose your JWT Secret. Doing so will create a security vulnerability.)

If you need more complex functionality, like storing and retrieving custom data from the user record, then you’ll need to have a backend webserver that can talk securely to our API. Technically speaking, your backend server still doesn’t have to have a database, but it would be a dynamic (non-static) website.

Tagged with: loginrocket jwt

Questions? Find a Typo? Get in touch.