Hello Stytch Forum,
I wanted to inquire if anyone has implemented, or explored implementing Stytch as an auth provider for Grafbase.
It appears Grafbase supports any OpenID Connect provider that adheres to the OpenID Connect Discovery spec, so I suspect it should be pretty easy.
Thank you for any experience you can share!
Hey Luke,
Thanks for posting!
I’m not aware of anyone that has implemented Stytch with Grafbase, but looking through their docs it looks like this should be possible!
Stytch doesn’t currently function as an OIDC-compliant IdP, but it looks like Grafbase also supports integrating via JWKS, which looks like it will work with Stytch.
You’d want to pull the iss claim from your Stytch JWKS to set the ISSUER_URL (pulled via our Get JWKS endpoint) and set the jwksEndpoint to the corresponding Stytch API endpoint (e.g. https://test.stytch.com/v1/sessions/jwks/{project_id} for our Test environment).
It looks like Grafbase should then pull the JWKS from Stytch to validate Stytch-generated JWTs. One thing to point out is that Stytch rotates JWKS every ~6 months or so, though it looks like Grafbase should handle this automatically via the jwksEndpoint provided by pulling in the most recent JWKS.
I hope this helps, but definitely feel free to reach out with any specific questions that might arise during implementation!