Overview

Returns a function that calls the Replyke API to sign a JWT using your project’s private key. This is intended exclusively for development and testing of external authentication flows — it lets you generate valid user JWTs from the client without setting up a backend.
Never use this hook in production. Calling this function exposes your project’s private key in client-side code, which is a critical security vulnerability. In production, JWT signing must happen on your backend server. See the External Authentication guide.

Usage Example

import { useSignTestingJwt, useAuth } from "@replyke/react-js";

function DevAuthHelper() {
  const signTestingJwt = useSignTestingJwt();
  const { signInWithToken } = useAuth();

  const signInAsTestUser = async () => {
    const token = await signTestingJwt({
      projectId: "your-project-id",
      privateKey: "your-private-key", // ⚠️ Development only
      userData: {
        id: "external-user-123",
        name: "Test User",
        email: "test@example.com",
      },
    });

    if (token) {
      await signInWithToken(token);
    }
  };

  return <button onClick={signInAsTestUser}>Sign in as test user</button>;
}

Parameters

  • projectId (string, required): Your Replyke project ID.
  • privateKey (string, required): Your project’s private key, used to sign the JWT. This key is available in your Replyke dashboard. Never expose this in production code.
  • userData (object, required): The user data to encode in the JWT payload. Must include id (the external user’s identifier). Additional fields are passed through as custom claims.
{
  id: string;           // Required: external user identifier
  [key: string]: any;   // Optional: name, email, avatar, etc.
}

Returns

Returns Promise<string | undefined>. On success, resolves to a signed JWT string that can be passed to the external auth sign-in flow.

Notes

  • The function logs a console warning each time it is called as a reminder that it is not for production use.
  • Use the returned token with the external authentication flow described in External Authentication.
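
The Overview warning means neither this hook nor a literal privateKey should reach shippable client code. The following is an added example, not part of Replyke's documentation or SDK: a small Node.js check that scans source text for references to useSignTestingJwt and for privateKey string literals. The rule names, the dev-only path patterns, the sample file names, the sample key and the /api/replyke-token endpoint are assumptions constructed for illustration.

```javascript
// Added example, not Replyke code: flag dev-only JWT signing in shippable source.
const RULES = [
  { id: "testing-hook-reference", re: /\buseSignTestingJwt\b/ },
  // privateKey assigned a quoted or template string, i.e. a key literal in client code
  { id: "inline-private-key", re: /\bprivateKey\s*:\s*(["'`])(?:(?!\1).)+\1/ },
];

// Assumption: paths that never ship to users; adjust to your repository layout.
const DEV_ONLY = [/(^|\/)__tests__\//, /\.test\.[jt]sx?$/, /(^|\/)dev\//];

// files: { path: sourceText }. Returns [{ path, line, rule }].
function scanSources(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (DEV_ONLY.some((re) => re.test(path))) continue;
    text.split("\n").forEach((line, i) => {
      if (/^\s*(\/\/|\*|\/\*)/.test(line)) return; // skip whole-line comments
      for (const rule of RULES) {
        if (rule.re.test(line)) findings.push({ path, line: i + 1, rule: rule.id });
      }
    });
  }
  return findings;
}

// Constructed sample input (hypothetical files, key and endpoint).
const SAMPLE = {
  "src/components/DevAuthHelper.jsx": [
    'import { useSignTestingJwt } from "@replyke/react-js";',
    "const signTestingJwt = useSignTestingJwt();",
    'const token = await signTestingJwt({ projectId: "p", privateKey: "constructed-key" });',
  ].join("\n"),
  "src/components/Login.jsx": [
    "// useSignTestingJwt was removed; the token now comes from our backend",
    'const { token } = await (await fetch("/api/replyke-token")).json();',
    "await signInWithToken(token);",
  ].join("\n"),
  "src/dev/Playground.test.jsx": "const sign = useSignTestingJwt();",
};

const findings = scanSources(SAMPLE);
for (const f of findings) console.log(`${f.path}:${f.line} ${f.rule}`);
```

In a CI step, exit non-zero when the returned list is not empty. The literal rule only catches keys written inline; a key read from an environment variable and bundled into the client is still caught through the hook reference rule.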