p
I'm using Next.js (frontend and SSR) + FastAPI (as a traditional backend). The FastAPI backend is the same application logically (same domain and can be called from the browser directly). Do you recommend using a JWT session for this architecture, and sending the JWT to FastAPI?
r
Hey @petrgazarov, I wouldn’t recommend enabling the JWT feature here. Just use the session cookies and use our backend SDK to verify the sessions in FastAPI.
p
I see, makes sense! I'm also considering having multiple domains. Like so: app.my-domain.com (client application), api.my-domain.com (api). In this case, I can't set a cookie for api because it's not the same domain. Is there a way to make a non-JWT approach work in this case?
c
Hey, I apologise if I am wrong, but I think looking into CORS will clear this up.
r
Also, there is a setting called cookieDomain in the backend’s session.init which allows you to share cookies across subdomains.
Setting the value to “.my-domain.com” would allow sharing across all the subdomains of that site.
p
Cool, thanks.
I haven't tried it in production on different domains yet, but so far it works nicely on localhost. I use Next.js for session verification only; all other SuperTokens backend routes are in FastAPI.
Love that SuperTokens is very flexible. It definitely has a learning curve, but the more I use it, the more I like it.
r
Great! Let us know if you run into issues 🙂