I can extract the token from the x-fallback-cookie in headers for the client, but there's no way to validate these access tokens in the node sdk. If you allow the node-appwrite getSessions query to include each sessions access token, one could authenticate custom endpoints through our own backends and still use the same authentication platform through appwrite.
A common pattern I use when developing backends is to create a proxy graphql server as an abstraction for every service available. When doing this, I don't want to roll my own authentication each time as it's a liability, but I want to abstract it in case I need to switch auth providers in the future. Firebase allows you to verify tokens using their node sdk and thus check the token being passed by the user in the headers.
Let me know if this makes sense, if you want further clarification, or if I'm missing something here.
Thanks for all your hard work!
I can extract the token from the x-fallback-cookie in headers for the client, but there's no way to validate these access tokens in the node sdk. If you allow the node-appwrite getSessions query to include each sessions access token, one could authenticate custom endpoints through our own backends and still use the same authentication platform through appwrite.
A common pattern I use when developing backends is to create a proxy graphql server as an abstraction for every service available. When doing this, I don't want to roll my own authentication each time as it's a liability, but I want to abstract it in case I need to switch auth providers in the future. Firebase allows you to verify tokens using their node sdk and thus check the token being passed by the user in the headers.
Let me know if this makes sense, if you want further clarification, or if I'm missing something here.
Thanks for all your hard work!