> ## Documentation Index > Fetch the complete documentation index at: https://docs.moca.network/llms.txt > Use this file to discover all available pages before exploring further. # Bring Your Own Auth > Skip the AIR Kit login dialog and pass users from your existing auth (Firebase, Auth0, Supabase, or custom) into AIR Kit sessions using a Partner JWT. If your app already authenticates users (via Firebase, Auth0, Supabase, or a custom system), you can bypass the AIR Kit login dialog and pass the authenticated user straight into an AIR Kit session. This is called **Custom Auth** (or BYO Auth). ## How it works 1. Your app authenticates the user through your own system. 2. Your backend signs a Partner JWT containing the user's `email` and `partnerUserId`. 3. Your frontend passes that JWT to `airService.login({ authToken })`. 4. AIR Kit creates or loads the user's AIR Account, skipping the built-in login UI. When an email is provided in the JWT, AIR Kit verifies it with a one-time password the first time. After that initial verification, subsequent logins are seamless. ## Prerequisites * AIR Kit SDK installed and initialized. See [Installation](/airkit/usage/installation). * [Partner JWT signing](/airkit/usage/partner-authentication) configured (RS256 or ES256). * The authenticated user's email address available on your backend. ## Step 1: Generate a Partner JWT on your backend Include `email` and `partnerUserId` alongside `partnerId`: ```js theme={null} const jwt = require("jsonwebtoken"); const fs = require("fs"); const privateKey = fs.readFileSync("path/to/private.key"); function getAuthToken(user) { const now = Math.floor(Date.now() / 1000); return jwt.sign( { partnerId: process.env.PARTNER_ID, email: user.email, partnerUserId: user.id, iat: now, exp: now + 5 * 60, }, privateKey, { algorithm: "RS256", header: { kid: process.env.KEY_ID } } ); } // Express example app.get("/api/air-token", requireAuth, (req, res) => { const token = getAuthToken(req.user); res.json({ token }); }); ``` ## Step 2: Fetch the token and log in on the frontend ```ts theme={null} const airService = new AirService(); await airService.init({ partnerId: "your-partner-id" }); const res = await fetch("/api/air-token"); const { token } = await res.json(); const loginResult = await airService.login({ authToken: token }); console.log("AIR Account address:", loginResult.abstractAccountAddress); ``` The user is now logged into AIR Kit without seeing any login dialog. Their AIR Account is tied to the email from your system. ## Step 3: Use AIR Kit features normally After login, all SDK methods work as usual — issue credentials, verify credentials, access smart accounts: ```ts theme={null} if (airService.isLoggedIn) { const userInfo = await airService.getUserInfo(); console.log("User:", userInfo); } ``` ## JWT payload reference ```json theme={null} { "partnerId": "your-partner-id", "email": "user@example.com", "partnerUserId": "usr_abc123", "exp": 1728973684, "iat": 1728970084 } ``` | Field | Required | Description | | --------------- | --------------------- | ------------------------------------------------------------------------- | | `partnerId` | Yes | Your Partner ID | | `email` | Yes (for custom auth) | The user's verified email, used as their AIR Account identifier | | `partnerUserId` | Recommended | Your internal user ID, persisted on the AIR Account for cross-referencing | | `exp` | Yes | Token expiration (recommended: 5 minutes) | ## Next steps * [User Login & Sessions](/airkit/usage/user-authentication) for the full authentication reference * [Partner Authentication](/airkit/usage/partner-authentication) for JWT signing setup * [User Management](/airkit/usage/user-management) for session handling, MFA, and user info