Hey all how could I use different auth
# support-questions
h
Hey all, how could I use different auth recipes across the same application, is this possible? In my application, I have the main app protected by email/password with a nodejs backend. This is already implemented with ST. I would like to add another small app for a specific group of people with only passwordless auth. Is this possible in the same front/back? What would be the auth routes, for example? Can it be overridden? The same SessionAuth does not have the same scope. You have a SessionAuth for the main app & the secondary app. Same questions for the backend. How can you differentiate the token & make sure that some routes are not authorized by one of the two apps?
We could also think about having a separate frontend application making use of the same backend if this would make things simpler.
r
It is possible.
The auth route by default would be the same but controlled by the `rid` query param. For example, `/auth?rid=passwordless` would show the passwordless UI but `/auth?rid=emailpassword` would show the email password UI.
You could embed one of those components in a different route as well (see our docs on embedding).
On the backend side, you could override the createNewSession function to add a custom claim in it signifying which type of user it is, and then in your APIs, have checks for the routes to enforce that only the right type of user has access to the API. This can be easily done via the roles recipe.
h
And what would be the impact with SessionAuth? Thanks
r
You could add the same claim checks for session auth as well, to protect certain frontend routes based on roles.