Backend Integrations

AuthAction issues JWT access tokens that your backend APIs validate using standard JWKS-based verification. Official SDKs handle key fetching, caching, and rotation automatically — or follow the manual guides to integrate with the library of your choice.

| SDK | Frameworks | Install |
| --- | --- | --- |
| @authaction/node-sdk | Express, Fastify, NestJS, Apollo GraphQL | npm install @authaction/node-sdk |
| authaction-python-sdk | Django, Flask, FastAPI | pip install authaction-python-sdk |
| authaction-spring-boot-starter | Spring Boot | Maven / Gradle |
| authaction-java-sdk | Any Java app (Servlet, Quarkus, Micronaut) | Maven / Gradle |
| authaction-go-sdk | net/http, Gin | go get github.com/authaction/authaction-go-sdk |
| authaction-rust-sdk | Actix-web, Axum | cargo add authaction |
| authaction-php-sdk | Laravel, PSR-15, plain PHP | composer require authaction/authaction-php-sdk |

  • Express.js: Official SDK (@authaction/node-sdk/express) or jwks-rsa + express-jwt
  • NestJS: Official SDK (@authaction/node-sdk/nestjs) or Passport JWT strategy
  • Apollo GraphQL: Official SDK (@authaction/node-sdk/apollo) or jwks-rsa
  • Spring Boot: Official SDK (authaction-spring-boot-starter) or Spring Security OAuth2
  • Go: Official SDK (authaction-go-sdk) or golang-jwt + jwx
  • .NET: ASP.NET Core JWT Bearer authentication
  • Django: Official SDK (authaction-python-sdk[django]) or python-jose
  • Flask: Official SDK (authaction-python-sdk[flask]) or python-jose
  • Ruby on Rails: Rails API concern with the jwt gem and JWKS caching
  • Rust (Actix-web): Official SDK (authaction-rust-sdk) or jsonwebtoken + reqwest
  • PHP: Official SDK (authaction-php-sdk) or firebase/php-jwt
  • Laravel: Official SDK (authaction-php-sdk) or lcobucci/jwt

  1. Your frontend obtains an access token from AuthAction
  2. The frontend sends the token in the Authorization: Bearer <token> header
  3. Your backend validates the token’s signature against AuthAction’s JWKS endpoint
  4. If valid, the request is authorized; otherwise a 401 Unauthorized response is returned

All implementations validate the issuer, audience, and RS256 signature of the JWT to ensure the token is legitimate and intended for your API.
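
Steps 3 and 4 with the issuer, audience, and RS256 checks, as an added example (not AuthAction SDK code) that uses only Node's built-in crypto module. The key pair, `kid`, issuer and audience values are constructed for the demo and the function names are hypothetical; fetching and caching the JWKS is left to the caller, and the expiry check is an addition to the three checks listed above.

```javascript
const crypto = require('node:crypto');

const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// jwks: parsed JWKS document the caller has already fetched and cached.
// expected: { issuer, audience } configured for this API (hypothetical shape).
function verifyAccessToken(token, jwks, expected, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = decode(h);
  // Pin the algorithm server-side; a token must not choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  // Import only the RSA public parameters from the JWK.
  const key = crypto.createPublicKey({ key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk' });
  // sha256 with an RSA key and default PKCS#1 v1.5 padding is RS256.
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = decode(p); // claims are read only after the signature checks out
  if (claims.iss !== expected.issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.audience)) throw new Error('wrong audience');
  // exp is not in the page's list of checks; it is enforced here as an addition.
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed demo data: a throwaway key pair stands in for the real signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const DEMO_JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key' }] };
const EXPECTED = { issuer: 'https://tenant.example/', audience: 'https://api.example' };

function signDemoToken(claims, header = { alg: 'RS256', typ: 'JWT', kid: 'demo-key' }) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const input = `${enc(header)}.${enc(claims)}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Step 4 of the flow: any validation failure maps to 401.
function statusFor(token) {
  try { verifyAccessToken(token, DEMO_JWKS, EXPECTED); return 200; } catch { return 401; }
}
```

In a real middleware, `statusFor` would take the token from the `Authorization: Bearer <token>` header and the JWKS from a cache that refetches when an unknown `kid` appears.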