I'm using Next.js (frontend and SSR) + FastAPI (as a traditional backend). The FastAPI backend is the same application logically (same domain and can be called from the browser directly). Do you recommend using a JWT session for this architecture, and sending the JWT to FastAPI?
r
rp
04/23/2023, 8:41 AM
Hey @petrgazarov I wouldn’t recommend enabling the JWT feature here. Just use the session cookies and use our backend SDK to verify the sessions in fastapi
p
petrgazarov
04/23/2023, 8:50 AM
I see, makes sense! I'm also considering having multiple domains.
Like so:
app.my-domain.com (client application)
api.my-domain.com (api)
In this case, I can't set a cookie for api because it's not the same domain. Is there a way to make a non-JWT approach work in this case?
c
channels
04/23/2023, 9:06 AM
hey i apologise if i am wrong, but i think looking into cors will clear this up
r
rp
04/23/2023, 11:40 AM
Also, there is a setting called cookieDomain in the backend’s session.init which allows you to share cookies across sub domains.
Setting the value to “.my-domain.com” would allow sharing across all the sub domains of that site
p
petrgazarov
04/23/2023, 10:43 PM
Cool thanks
I haven't tried it in production on different domains yet, but so far it works nicely on localhost. I use Next.js for session verification only, all other supertokens backend routes are in FastAPI.
Love that supertokens is very flexible. It definitely has a learning curve, but the more I use it, the more I like it.