Is it a good idea to add a token to the session object? #547

Closed
2 of 5 tasks
arunoda opened this issue Aug 5, 2020 · 3 comments
Labels
question Ask how to do something or how something works

Comments

@arunoda
Contributor

arunoda commented Aug 5, 2020

Your question

I have a Next.js app and a separate API server. So, I want to add social authentication to that. As a part of that process, I need to send a token (for the API server) to the client side. So, the client app can talk to the API server directly.
I am trying to send that token inside a session using callbacks.

I want to know whether it's a good idea or if there are potential issues.

What are you trying to do

  • This is how we are adding auth support for GetStarted
  • It has a Next.js app and a separate API server
  • We are trying to use next-auth and add social login support
  • We will use JWT as the session
  • After sign-in, we will create a token inside the backend service and store it inside the token. (using callbacks)
  • Then we will expose that token inside the session
  • Now the client-side app can directly talk to the API server from the browser using this token

Documentation feedback
Documentation refers to searching through online documentation, code comments and issue history. The example project refers to next-auth-example.

  • Found the documentation helpful
  • Found documentation but was incomplete
  • Could not find relevant documentation
  • Found the example project helpful
  • Did not find the example project helpful

The existing docs on callbacks are very clear. Here I am asking for feedback on a specific use case.
It is a common use case, but I cannot find info on what I'm looking for in the docs or inside issues.

@arunoda arunoda added the question Ask how to do something or how something works label Aug 5, 2020
@iaincollins
Member

iaincollins commented Aug 5, 2020

Hi Arunoda!

If using a JWT for sessions I think that's a great idea to add it to the token, as it can be persisted inside the token (and if it later needs to be updated because it's stale, the callback can do that too).

If you were using database sessions instead then it's still not a terrible idea, but if you had to make a REST call to get it every time the session was checked, you might be better off creating a dedicated API endpoint to return it in that case.

Creating a dedicated API endpoint that sits behind a check to getSession() to return data like tokens is not a bad idea in either case (with JWT sessions or with database sessions), especially once the amount of data you might need to return grows over time, but might be overkill in this case.

If you are using JWT for sessions and only have one or two tokens to worry about then passing it from the token to the session seems very sensible and I can't see any problems with that.
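
Added example (not code from next-auth, GetStarted, or anyone in this thread): one way the pattern discussed above can look, with the API token minted at sign-in, kept inside the session JWT, re-minted when stale, and checked on the API server. The HMAC token format, the shared secret, and the helper names `mintApiToken` / `verifyApiToken` are assumptions; the callbacks use the object-argument shape of next-auth v4, so check the callback signatures for your version.

```javascript
const crypto = require("crypto");

// Assumption: a secret shared by the Next.js server and the API server (constructed value).
const API_SECRET = "constructed-demo-secret";
const TTL_SECONDS = 15 * 60;
const sign = (body) => crypto.createHmac("sha256", API_SECRET).update(body).digest("base64url");

// Hypothetical helper: mint a short-lived, HMAC-signed API token for one user id.
function mintApiToken(userId, now = Date.now()) {
  const claims = { sub: userId, exp: Math.floor(now / 1000) + TTL_SECONDS };
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${body}.${sign(body)}`;
}

// Hypothetical check for the API server: returns the claims, or null if forged or expired.
function verifyApiToken(token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return null;
  const given = Buffer.from(parts[1]);
  const expected = Buffer.from(sign(parts[0]));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[0], "base64url").toString());
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}

// Written synchronously so they can be exercised directly; next-auth callbacks
// are usually declared async.
const callbacks = {
  // Server side. `user` is present only at sign-in; later calls carry the stored token.
  jwt({ token, user }) {
    const userId = user ? user.id : token.sub;
    if (user || !verifyApiToken(token.apiToken)) token.apiToken = mintApiToken(userId);
    return token;
  },
  // Copy only the API token into the session object the browser sees.
  session({ session, token }) {
    session.apiToken = token.apiToken;
    return session;
  },
};
```

Anything copied into the session is readable by client-side JavaScript, so the short expiry and the server-side signature check are what limit the damage if the token leaks.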

@arunoda
Contributor Author

arunoda commented Aug 5, 2020

Thanks @iaincollins for ideas and suggestions.
I think we can close this issue now.

@arunoda arunoda closed this as completed Aug 5, 2020
@YuriFontella

@arunoda did you manage to develop your idea?
Could you explain what type of token it generated within the session and how it is validated in your API?

Appreciated.

3 participants