> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dynamic.xyz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authenticate with an external JWT

> Sign users into Dynamic with a JWT issued by your own authentication provider.

<Note>
  Bring Your Own Auth (BYOA) is an enterprise feature. Contact us [in Slack](https://dynamic.xyz/slack) or at [hello@dynamic.xyz](mailto:hello@dynamic.xyz) to enable it.
</Note>

If you already issue your own JWTs (e.g. from Auth0, Firebase Auth, Supabase, or your own backend), you can exchange that JWT for a Dynamic session. After sign-in, the user behaves like any other Dynamic user — with access to wallets, user management, and the rest of the SDK.

For concepts and configuration, see [Bring Your Own Auth](/overview/authentication/bring-your-own-auth).

<Note>
  Issue a Dynamic-specific JWT from your auth provider — separate from your application's normal access token — so the token Dynamic receives cannot be used to access resources on your own servers. See [Bring Your Own Auth](/overview/authentication/bring-your-own-auth) for the full recommendation.
</Note>

## Prerequisites

* [BYOA configured](/overview/authentication/bring-your-own-auth) in your Dynamic dashboard (issuer, JWKS URL).
* Dynamic client created and initialized (see the [React Native quickstart](/react-native/reference/quickstart)).
* Your backend issues a JWT with at least `iss`, `sub`, and `exp` claims.

## Usage

Call `signInWithExternalJwt` on the Dynamic client's external auth. Dynamic verifies the signature against your configured JWKS URL, validates the claims, and establishes a session.

```tsx React Native theme={"system"}
import { dynamicClient } from '<path to client file>';

const signIn = async (externalJwt: string, externalUserId: string) => {
  try {
    await dynamicClient.auth.external.signInWithExternalJwt({
      externalJwt,
      externalUserId,
    });

  } catch (e) {
    console.error('Dynamic sign-in failed:', e);
  }
};
```

## Parameters

| Parameter        | Type     | Required | Description                                                                                                                                              |
| ---------------- | -------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `externalJwt`    | `string` | Yes      | The raw encoded JWT issued by your authentication provider.                                                                                              |
| `externalUserId` | `string` | Yes      | The user ID in your authentication system. Must match the `sub` claim in the JWT — Dynamic derives the stored external user ID from the JWT server-side. |

## Related

* [Bring Your Own Auth](/overview/authentication/bring-your-own-auth) — Concepts, configuration, and JWT requirements.
* [Dynamic client reference](/react-native/reference/package-references/client) — All methods available on the client.
