• constantinos

    constantinos

    10 months ago
    Oh great. About my original question, will I need to implement a reverse proxy as described here? https://github.com/supertokens/supertokens-core/issues/280
  • constantinos

    constantinos

    10 months ago
    Let me know if there are docs on your site that explain how reverse proxies work. I don't understand them
  • r

    rp

    10 months ago
    You would need a reverse proxy. Yes.
  • r

    rp

    10 months ago
    Do you have any other API backend other than hasura?
  • constantinos

    constantinos

    10 months ago
    Only some serverless functions with Vercel
  • r

    rp

    10 months ago
    Give me some time. I’ll reply in a bit 🙂
  • r

    rp

    10 months ago
    @User, you would need to host your own backend that integrates with SuperTokens' backend SDK. This backend could be reachable via a subdomain of your frontend. It would expose all the APIs that are provided by SuperTokens, which your frontend would use. Then there are three methods for auth with Hasura:
    1) After a user is logged in, you could extract a JWT from the session and pass that to Hasura for auth. Extracting a JWT is still a feature that's a work in progress. It should be available in 1-2 weeks from now.
    2) You could proxy requests to Hasura via your backend API layer, which would use our `verifySession` middleware.
    3) You could store the user's session ID on the frontend and pass that to Hasura when you query it. Then Hasura can use a custom auth hook to query SuperTokens' core to check if the session ID is valid or not.
    ----------------------
    Out of these, number (2) is the most secure since it doesn't expose any of the session tokens to the frontend (thereby preventing token theft via XSS attacks). (1) is the most popular since it's easy to use.
    ----------------------
    Anyhow, you would need to host an API server which would integrate with SuperTokens' backend SDK.
  • d

    Deleted User

    10 months ago
    just wanted to say I'm really impressed with super tokens
  • d

    Deleted User

    10 months ago
    my biggest complaint with Auth0 specifically was their damn documentation being terrible if not incomplete if not even worse than that at times