Using an external JWT to authenticate/authorize Users on Strapi

My use case is as follows: We already have an app that has users and permissions and issues a JWT during login. I’d like to enable users with certain permissions to edit/add content on Strapi without having to create user accounts for them on Strapi by hand or requiring them to login on the Strapi UI. There is another set of users who will be allowed to view the content through the Strapi API using their JWTs as well.

  1. Is it possible to extend the Strapi API to accept 3rd party JWT tokens?
  2. How easy/difficult is it to extend the authz layer in Strapi to avoid duplicating permissions/users/roles?

I think I found the resource I need to dig into this topic on github:

1 Like

You may read the same resource here.