Self-hosted User Pools allow you to authenticate calls to Anon’s API with ID tokens from your existing auth provider (i.e. Cognito, Clerk, Stytch, etc.). This means that instead of calling Anon’s API to issue appUserIdTokens, you can use the ID tokens returned by your OAuth provider.

Connecting your Users

To allow your users to connect to Anon’s API from within your application (e.g. a web app, a mobile app, or browser extension), you’ll need to create a which tells Anon how to authenticate your users with Anon’s APIs.

You’ll need an API Key to continue with this guide. Head to the Anon Console to create one.

Getting your JSON Web Key Set (JWKS) Public URL

In this guide, you’ll create a that uses a JSON Web Key Set to authenticate your users with Anon’s APIs using their existing id_token from your OAuth Authorization Server.

Anon can support any OAuth provider (such as Auth0 or Stytch) that uses JSON Web Key Sets for verifying signatures of an OIDC JWT id_token.

Follow this guide to obtain your JWKS public url.

Alternatively, you can host your own JWKS.

Save your JWKS public url to an environment variable ANON_JWKS_PUBLIC_URL for easy reference.

Creating a Self-hosted UserPool

Now that you have the JWKS public url for verifying an id_token from your OAuth provider, you’re ready to create a .

By default, the sub claim of the ID token JWT is used for inferring the ID of the user. However this can be customized using the optional idClaim parameter alongside the jwksUri parameter.

Set the ANON_API_KEY environment variable to your API Key.

Send off the request to create a :

cat userPool.json | curl --request POST \
  --url https://svc.sandbox.anon.com/org/userPool \
  --header "Authorization: Bearer $ANON_API_KEY" \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "WebAppUsers",
    "description": "Users of coolkid.ai's web app.",
    "authorization": {
      "jwksUri": "$ANON_JWKS_PUBLIC_URL"
    }
  }'

You should see a response like:

{
  "id": "fb874282-e83b-4939-83a2-e8530d31475e",
  "name": "WebAppUsers",
  "description": "Users of coolkid.ai's web app.",
  "authorization": {
    "jwksUri": "<ANON_JWKS_PUBLIC_URL>",
    "idClaim": "sub"
  }
}

Save the response["id"] to the environment variable ANON_USER_POOL_ID.

Create an SdkClient for your UserPool

Send off the request to create the :

curl --request POST \
  --url https://svc.sandbox.anon.com/org/sdkClient \
  --header "Authorization: Bearer $ANON_API_KEY" \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "CoolService",
    "description": "CoolService connected to UserPool",
    "kind": {
      "application": {
        "userPoolId": "$ANON_USER_POOL_ID"
      }
    }
  }'

You’ll receive a response like:

{
  "id": "<ANON_SDK_CLIENT_ID>",
  "name": "CoolService",
  "description": "CoolService connected to UserPool",
  "auth": {
    "type": "userPool",
    "userPoolId": "<ANON_USER_POOL_ID>"
  }
}

Save the response["id"]. This is the clientId you’ll use when requesting Anon Link urls or using the Link SDK for iOS.

You’re ready to start connecting your users! Now you can use ID tokens for your auth provider in place of the appUserIdToken parameter.

Choose Your Platform

Web

Integrate with your web app

iOS

Integrate with your iOS app

Was this page helpful?

Embedded Link UIOverview