Architecture question

petrgazarov

04/23/2023, 8:40 AM
I'm using Next.js (frontend and SSR) + FastAPI (as a traditional backend). The FastAPI backend is the same application logically (same domain and can be called from the browser directly). Do you recommend using a JWT session for this architecture, and sending the JWT to FastAPI?

rp

04/23/2023, 8:41 AM
Hey @petrgazarov, I wouldn't recommend enabling the JWT feature here. Just use the session cookies and use our backend SDK to verify the sessions in FastAPI.

petrgazarov

04/23/2023, 8:50 AM
I see, makes sense! I'm also considering having multiple domains, like so: app.my-domain.com (client application) and api.my-domain.com (API). In this case, I can't set a cookie for the API because it's not the same domain. Is there a way to make a non-JWT approach work in this case?

channels

04/23/2023, 9:06 AM
Hey, I apologise if I am wrong, but I think looking into CORS will clear this up.

rp

04/23/2023, 11:40 AM
Also, there is a setting called cookieDomain in the backend's session.init which allows you to share cookies across subdomains.
Setting the value to ".my-domain.com" would allow sharing across all the subdomains of that site.

petrgazarov

04/23/2023, 10:43 PM
Cool, thanks!
I haven't tried it in production on different domains yet, but so far it works nicely on localhost. I use Next.js for session verification only; all other SuperTokens backend routes are in FastAPI.
Love that SuperTokens is very flexible. It definitely has a learning curve, but the more I use it, the more I like it.

rp

04/24/2023, 6:39 AM
Great! Let us know if you run into issues 🙂