Rownd’s token validator allows you to authenticate a token issued by another authentication provider and exchange it for a Rownd token. This feature is useful when migrating to Rownd from another authentication provider and you want to prevent existing users from being signed-out during the transition. It can also be used when moving between contexts, such as when your code is embedded in an implementation that you don’t directly control (e.g., a webview inside someone else’s mobile app).
When transitioning to Rownd’s adaptive authenitcation, it’s often important to keep your existing users signed-in once you deploy Rownd. The token validator enables Rownd to accept and validate your users’ existing tokens. That way, users won’t be forced to sign in again due to the authentication provider upgrade.
If your app is embedded in one of your customers’ apps, the “parent” app may have previously created its own user session. If the customer can pass you a token or similar data that can be validated either via a JWKset or a REST API, Rownd’s token validator will validate the existing token and extract a user ID from the response so that a user can continue using your app without any friction.
To set up the token validator, you’ll need to configure your authentication provider to issue a token that Rownd can validate.Note: If you do not see Integrations in the Rownd left-hand sidebar, please contact the Rownd support team at support@rownd.io for assistance.
When implementing an API for the token validator to call, the response should be a flat JSON object with properties
that match the configuration you supplied to the token validator setup above. For example, if you configured the token validator to extract a userId and email from the response, the response should look like this:
You can also include additional properties in the response, which will be stored in the user’s profile in Rownd if they match the profile schema configured within Rownd.
Providing a user ID in your API response is optional. If none is provided, Rownd will generate a new user ID. If the user ID is present, Rownd will use it instead, which may be helpful if you’re trying to map users to an existing system.
Handling cases where the token is invalid or the user isn’t found
If the token Rownd passes to your API does not match an existing user, you should return either a 400 or a 404 status code, which will cause Rownd to abort the token exchange.
If you’re using Firebase as your authentication provider, Rownd provides a separate integration. Follow these steps:
Navigate to Integrations
Click on the Firebase - Authenticaiton card from the Connector catalog tab.
Authenticate with Firebase, providing Rownd scoped access for validation.
Select the desired Project and App (if applicable).
Save the integration, then attach it to your Rownd application to enable it.
When existing users sign in via Rownd, we’ll automatically preserve their Firebase ID and basic user information, which is especially useful if you’re referencing users in a separate datastore via this ID.Once Rownd is fully implemented, your users will not have to “re-sign in” and Rownd will automatically create users inside of Rownd for them.For additional assistance setting up the token validator, please reach out to support@rownd.io.