Hi all, I've a small question with regarding to the concepts of supertokens. So as said, Front end u...

vigneshkumar5238

04/10/2023, 1:06 PM

Hi all, I've a small question with regarding to the concepts of supertokens. So as said, Front end uses FDI for communicating with backend SDK and Backend uses CDI to communicate with core. So why shouldn't we directly access CDI from the frontend SDK itself?

rp_st

04/10/2023, 1:16 PM

hey @vigneshkumar5238 cause the backend SDK apis do a lot of input checking + the CDI APIs are like admin api for your app. If you expose without an API key, it will allow anyone to do operations like delete users

rp_st

04/10/2023, 1:17 PM

also, the core doesn't do things like set response cookies etc..

rp_st

04/10/2023, 1:27 PM

well.. you can use it in a simple way. Call the core's API to sign in. Call the core's API create a jwt and then send that to the frontend however you like. In this case you don;t need our frontend sdk or anything either.

vigneshkumar5238

04/10/2023, 1:32 PM

So what you are suggesting is to use the supertokens-core APIs for authentication and jwt processes from the springboot itself as a rest calls. by this way, I'm just gonna use supertokens-core APIs for me to exploit for my purposes right?

rp_st

04/10/2023, 1:53 PM

> So what you are suggesting is to use the supertokens-core APIs for authentication and jwt processes from the springboot itself as a rest calls. Yea. This could work. > I'm just gonna use supertokens-core APIs for me to exploit for my purposes right? Yea

vigneshkumar5238

04/10/2023, 5:51 PM

Thanks @rp_st 🙂

vigneshkumar5238

04/11/2023, 6:32 AM

Hi @rp_st , Just another doubt regarding the same, since you suggested using the JWTs and APIs for the backend, is it possible for me to use the session tokens in the same using the APIs?

rp_st

04/11/2023, 6:43 AM

it is possible, but you will have to manually attach and manage the session tokens to the response according to our protocol.

rp_st

04/11/2023, 7:03 AM

well, it's not the best way. Ideally we recommend that people spin up a node server with our backend SDK and use that as the auth server to their application backend. The node server would create sessions between the frontend and the backend, and you can then fetch short live JWTs (which auto refresh), and use that to query your application backend.

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).