> ## Documentation Index > Fetch the complete documentation index at: https://docs.turso.tech/llms.txt > Use this file to discover all available pages before exploring further. # External Auth Providers Instead of managing tokens manually, you can let your authentication provider issue JWT tokens using JWKS. This allows you to leverage your existing auth infrastructure (e.g., Clerk, Auth0). During the Turso Beta, we only support Clerk & Auth0 as OIDC providers. Use the Turso CLI to generate a JWT claims template for your auth provider: ```bash theme={null} # Full access to a database turso org jwks template --database --scope full-access # Read-only access to a group turso org jwks template --group --scope read-only # Fine-grained permissions turso org jwks template \ --database \ --permissions all:data_read \ --permissions comments:data_add ``` Copy the generated template into your auth provider's JWT configuration. Register your auth provider's JWKS endpoint with your Turso organization: ```bash theme={null} turso org jwks save ``` For example, with Clerk: ```bash theme={null} turso org jwks save clerk https://your-app.clerk.accounts.dev/.well-known/jwks.json ``` You can also add JWKS endpoints in the [Turso Dashboard](https://turso.tech/app) under organization settings. Get the JWT from your auth provider and pass it as the `authToken`: ```javascript theme={null} import { createClient } from "@tursodatabase/serverless"; const authToken = await getAuthToken(); // e.g., from Clerk, Auth0 const db = createClient({ url: "", authToken, }); ``` ## Managing JWKS Endpoints ```bash theme={null} # List all JWKS endpoints turso org jwks list # Remove a JWKS endpoint turso org jwks remove ``` If you don't setup a JWT template with specific permissions, the generated tokens will have access to **all databases in all groups** by default.