Support For Verifying JWT Token using the Server API #511
Comments
ereio
changed the title
|
Here's a link to the equivalent in firebase: https://firebase.google.com/docs/auth/admin/verify-id-tokens |
|
@ereio Would a JWT implementation (https://jwt.io/) in the Appwrite users/account APIs help you accomplish this use case? |
|
yes, that would be great |
eldadfux
changed the title
|
Added this feature request to our roadmap |
|
I always wanted to have this JWT auth in addition to cookie based auth. Its way easier to manage the JWT token from Local Storage. I am excited to learn that it is being implemented. Moreover, its equally secure as cookie based auth. |
|
JWT draft PR is ready: https://github.com/appwrite/appwrite/pull/784/files 🎉 |
|
JWT is available in a closed beta, if anyone wants to try it please reach me on Discord. |
eldadfux
added
the
waiting for release
|
This got fixed with https://github.com/appwrite/appwrite/releases/tag/0.8.0 👏🏻 |
|
Help me |
eldadfux
removed
the
waiting for release
I can extract the token from the x-fallback-cookie in headers for the client, but there's no way to validate these access tokens in the node sdk. If you allow the node-appwrite getSessions query to include each sessions access token, one could authenticate custom endpoints through our own backends and still use the same authentication platform through appwrite.
A common pattern I use when developing backends is to create a proxy graphql server as an abstraction for every service available. When doing this, I don't want to roll my own authentication each time as it's a liability, but I want to abstract it in case I need to switch auth providers in the future. Firebase allows you to verify tokens using their node sdk and thus check the token being passed by the user in the headers.
Let me know if this makes sense, if you want further clarification, or if I'm missing something here.
Thanks for all your hard work!
The text was updated successfully, but these errors were encountered: