Skip to main content

What is JWKS?

JSON Web Key Set (JWKS) is a standard that allows Chipi Pay to verify your users’ JWT tokens without ever seeing their credentials. Your auth provider exposes a public endpoint with its signing keys, and Chipi uses those keys to verify that tokens are authentic. Any OIDC-compliant provider (Auth0, Cognito, Okta, Keycloak, etc.) exposes a JWKS endpoint.
1

Install the Chipi SDK

npx expo install @chipi-stack/chipi-expo
2

Add Environment Variables

Add your Chipi API key to your .env file:
EXPO_PUBLIC_CHIPI_API_PUBLIC_KEY=your_chipi_api_public_key
You can get your API keys from the Chipi Dashboard.
3

Setup the Chipi SDK Provider

Wrap your app with ChipiProvider alongside your auth provider:
// App.tsx

import { ChipiProvider } from "@chipi-stack/chipi-expo";

export default function App() {
  return (
    <YourAuthProvider>
      <ChipiProvider
        config={{
          apiPublicKey: process.env.EXPO_PUBLIC_CHIPI_API_PUBLIC_KEY || "",
        }}
      >
        <YourApp />
      </ChipiProvider>
    </YourAuthProvider>
  );
}
4

Get the Bearer Token

Use your auth provider’s SDK to get a JWT token, then pass it to Chipi hooks:
// components/CreateWallet.tsx

import { useState } from "react";
import { View, TextInput, TouchableOpacity, Text } from "react-native";
import { useCreateWallet } from "@chipi-stack/chipi-expo";

// Replace with your auth provider's token method
async function getBearerToken(): Promise<string> {
  // Auth0: const { getAccessTokenSilently } = useAuth0();
  // Cognito: const session = await Auth.currentSession();
  // Okta: const { authState } = useOktaAuth();
  return "your-jwt-token";
}

export default function CreateWallet() {
  const { createWalletAsync, isLoading } = useCreateWallet();
  const [encryptKey, setEncryptKey] = useState("");

  const handleCreateWallet = async () => {
    const bearerToken = await getBearerToken();

    const response = await createWalletAsync({
      params: { encryptKey },
      bearerToken,
    });

    console.log("Wallet created:", response.publicKey);
  };

  return (
    <View style={{ padding: 16, gap: 12 }}>
      <TextInput
        secureTextEntry
        placeholder="Enter encryption key"
        value={encryptKey}
        onChangeText={setEncryptKey}
        style={{ borderWidth: 1, borderColor: "#ccc", padding: 8, borderRadius: 4 }}
      />
      <TouchableOpacity
        onPress={handleCreateWallet}
        disabled={isLoading}
        style={{ backgroundColor: "#3b82f6", padding: 12, borderRadius: 4, opacity: isLoading ? 0.5 : 1 }}
      >
        <Text style={{ color: "white", textAlign: "center" }}>
          {isLoading ? "Creating..." : "Create Wallet"}
        </Text>
      </TouchableOpacity>
    </View>
  );
}
5

Register JWKS in Chipi Dashboard

Register your auth provider’s JWKS endpoint in the Chipi Dashboard:
  1. Go to Configure > Auth Provider
  2. Select Other as your provider
  3. Paste your provider’s URL or JWKS endpoint
  4. The dashboard will try OIDC discovery automatically
  5. Click Verify & Save

Compatible providers

ProviderJWKS URL pattern
Auth0https://YOUR_DOMAIN/.well-known/jwks.json
AWS Cognitohttps://cognito-idp.REGION.amazonaws.com/POOL_ID/.well-known/jwks.json
Oktahttps://YOUR_DOMAIN/oauth2/default/v1/keys
Keycloakhttps://YOUR_HOST/realms/REALM/protocol/openid-connect/certs
Need help? Check out our Telegram Community for support and to connect with other developers.