Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Architecture question
p
petrgazarov
04/23/2023, 8:40 AMI'm using Next.js (frontend and SSR) + FastAPI (as a traditional backend). The FastAPI backend is the same application logically (same domain and can be called from the browser directly). Do you recommend using a JWT session for this architecture, and sending the JWT to FastAPI?
r
rp
04/23/2023, 8:41 AMHey @petrgazarov I wouldn’t recommend enabling the JWT feature here. Just use the session cookies and use our backend SDK to verify the sessions in fastapi
p
petrgazarov
04/23/2023, 8:50 AMI see, makes sense! I'm also considering having multiple domains.
Like so:
app.my-domain.com (client application)
api.my-domain.com (api)
In this case, I can't set a cookie for api because it's not the same domain. Is there a way to make a non-JWT approach work in this case?
c
channels
04/23/2023, 9:06 AMhey i apologise if i am wrong, but i think looking into cors will clear this up
r
rp
04/23/2023, 11:40 AMAlso, there is a setting called cookieDomain in the backend’s session.init which allows you to share cookies across sub domains.
Setting the value to “.my-domain.com” would allow sharing across all the sub domains of that site
p
petrgazarov
04/23/2023, 10:43 PMCool thanks
I haven't tried it in production on different domains yet, but so far it works nicely on localhost. I use Next.js for session verification only, all other supertokens backend routes are in FastAPI.
Love that supertokens is very flexible. It definitely has a learning curve, but the more I use it, the more I like it.
r
rp
04/24/2023, 6:39 AMgreat! let us know if you run into issues 🙂