How should I protect an external endpoint outside of next-auth? #1518
Unanswered
TheHolyWaffle
asked this question in
Help
Replies: 1 comment 5 replies
-
For now, I've created a secondary jwt token in the session callback and verify that one in my websocket server. Based upon an earlier suggestion #643
Now I'm wondering if this callback is the right place, or if |
Beta Was this translation helpful? Give feedback.
5 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm curious as to what the best approach is here.
I currently have a hybrid setup where nextjs and the
api
pages provide one portion of the api. And a websocket endpoint is hosted on a different server. The client-side js should be able to create a websocket connection by passing the encoded JWT as a query parameter.Now I was wondering what the best approach is to validate the JWT token on websocket side? And how I can even get access to an encoded JWT on the client side?
Cookies are not a option, since they are not included when making a websocket connection to a different domain.
Beta Was this translation helpful? Give feedback.
All reactions