doubt is how we handle authentication using aws-amplify/auth?
I called signIn and it's logged in. There are cookies saved. Now my server is not on the same domain. So when I do fetch calls, how do I get the access token? The APIs are on an AWS API Gateway and I can't expose the URL to the client side. So the frontend server will need to route my calls from the browser to the API.
I'm thinking of authenticating on the frontend server and sending an HTTP-only cookie to the browser, so that the request even on initial load will send the cookie to the frontend server, and it can use that token to route the client call to API Gateway.
I don't know if it's how things work.
TLDR: What's the general practice for token management on an SSR setup & cross domain API?
I usually use a self-hosted version of supertokens.com for authentication. Alternately you can just write your authentication logic in SvelteKit's backend (src/routes/+page.server.ts) or, even better, using hooks (src/hooks.server.ts).
How do we manage refreshing tokens though?
Are you having your front-end server proxy the calls just for the cookie/domain issue? There are other ways around that problem. But in any case, if you're doing SSR there's really no way around having some kind of credential in a cookie. Just putting the same credential you'd use when talking to the backend in an httpOnly cookie is probably the simplest thing; I don't see any issue with doing that.
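As an added illustration of the pattern the reply above describes (the front-end server keeps the credential in an httpOnly cookie and translates it into a bearer token when it proxies to the API), here is a small framework-agnostic TypeScript sketch. It is not code from any poster, and it is not SvelteKit's, Amplify's or API Gateway's API; the cookie name, the upstream URL and the injected fetch signature are assumptions, and token refresh is deliberately left out.

```typescript
// Added example, not from the thread. Cookie name, upstream URL and the
// FetchLike signature are assumptions so the code runs without a framework.
const SESSION_COOKIE = "session";                       // assumed cookie name
const API_GATEWAY_URL = "https://api.example.invalid";  // placeholder upstream, never sent to the browser

type UpstreamInit = { method: string; headers: Record<string, string>; body?: string };
type FetchLike = (url: string, init: UpstreamInit) => Promise<{ status: number; text(): Promise<string> }>;

// Parse a Cookie request header into a name -> value map.
function parseCookies(header: string | null): Record<string, string> {
  const out: Record<string, string> = {};
  if (!header) return out;
  for (const part of header.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    const raw = part.slice(idx + 1).trim();
    if (!name) continue;
    try {
      out[name] = decodeURIComponent(raw);
    } catch {
      out[name] = raw; // malformed percent-encoding: keep the raw value rather than crash
    }
  }
  return out;
}

// Set-Cookie value the front-end server emits once it has authenticated the user.
// HttpOnly keeps the token out of document.cookie, Secure limits it to HTTPS,
// SameSite=Lax stops most cross-site requests from carrying it.
function buildSessionCookie(token: string, maxAgeSeconds: number): string {
  return [
    `${SESSION_COOKIE}=${encodeURIComponent(token)}`,
    "Path=/",
    "HttpOnly",
    "Secure",
    "SameSite=Lax",
    `Max-Age=${maxAgeSeconds}`,
  ].join("; ");
}

// Turn the browser's Cookie header into the request the server makes to the
// API gateway. The cookie itself is never forwarded to the other domain; only
// the bearer token is. Returns null when the browser has no session.
function buildUpstreamRequest(
  cookieHeader: string | null,
  path: string,
  method = "GET",
  body?: string,
): { url: string; init: UpstreamInit } | null {
  const token = parseCookies(cookieHeader)[SESSION_COOKIE];
  if (!token) return null;
  const headers: Record<string, string> = {
    Authorization: `Bearer ${token}`,
    Accept: "application/json",
  };
  if (body !== undefined) headers["Content-Type"] = "application/json";
  return { url: API_GATEWAY_URL + path, init: { method, headers, body } };
}

// Proxy handler: a browser without a session cookie gets 401 and no upstream call is made.
async function proxy(
  cookieHeader: string | null,
  path: string,
  fetchImpl: FetchLike,
): Promise<{ status: number; body: string }> {
  const req = buildUpstreamRequest(cookieHeader, path);
  if (!req) return { status: 401, body: "not signed in" };
  const res = await fetchImpl(req.url, req.init);
  return { status: res.status, body: await res.text() };
}

// Constructed usage: a fake fetch stands in for the real API gateway.
const fakeFetch: FetchLike = async (url, init) => ({
  status: 200,
  text: async () => `${init.method} ${url} auth=${init.headers.Authorization}`,
});
proxy("session=tok123; theme=dark", "/me", fakeFetch).then((r) => console.log(r.status, r.body));
```

Because the browser only ever sees the httpOnly cookie and the front-end server only ever sends the bearer header upstream, the API Gateway URL stays server-side and the token is not readable by page scripts; the refresh question raised earlier still has to be solved on the server side, where the cookie value can be rotated with a new Set-Cookie.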