Hey all how could I use different auth

Question

Hey all how could I use different auth recipes accross the same application is this possible In my application I have the main app protected by email password with a nodejs backend This is already implemented with ST I would like to add another small app for a specific group of people with only passwordless auth Is this possible in the same front back What would be the auth routes for example Can it be overriden The same SessionAuth does not have the same scope You have a SessionAuth for the main app the secondary app Same questions for the backend How can you differentiate the token make sure that some routes are not authorized by one of the two apps

HHChift · Answer

We could as well think to have a separate frontend application making use of the same backend if this would make things simplier

rp · Answer

it is possible

rp · Answer

the auth route by default would be the same but controlled by the `rid` query param For example ` auth rid=passwordless` would show the passwordless UI but ` auth rid=emailpassowrd` would show the email password UI

rp · Answer

you could embed one of those components in t a different route as well see our docs on embedding

rp · Answer

on the backend side you could override the createNewSession function to add a custom claim in it signinfying which type of user it is and then in your APIs have checks for the routes to enforce only the right type of user has access to the API This can be easily done via roles recipe

HHChift · Answer

And what would be the impact with SessionAuth

HHChift · Answer

thanks

rp · Answer

You could add the same claim checks for session auth as well

rp · Answer

To protect certain frontend routes based on roles