Hey all, how could I use different auth recipes ac...
# support-questions-legacyh
hhchift
05/17/2023, 11:25 AMHey all, how could I use different auth recipes accross the same application, is this possible ? In my application, I have the main app protected by email/password with a nodejs backend. This is already implemented with ST. I would like to add another small app for a specific group of people with only passwordless auth. Is this possible in the same front/back ? What would be the auth routes for example ? Can it be overriden ? The same SessionAuth does not have the same scope. You have a SessionAuth for the main app & the secondary app. Same questions for the backend. How can you differentiate the token & make sure that some routes are not authorized by one of the two apps ?
hhchift
05/17/2023, 11:26 AMWe could as well think to have a separate frontend application making use of the same backend if this would make things simplier.
r
rp_st
05/17/2023, 11:46 AMit is possible.
rp_st
05/17/2023, 11:47 AMthe auth route by default would be the same but controlled by the
rid/auth?rid=passwordless/auth?rid=emailpassowrdrp_st
05/17/2023, 11:47 AMyou could embed one of those components in t a different route as well (see our docs on embedding)
rp_st
05/17/2023, 11:48 AMon the backend side, you could override the createNewSession function to add a custom claim in it signinfying which type of user it is, and then in your APIs, have checks for the routes to enforce only the right type of user has access to the API. This can be easily done via roles recipe]
h
hhchift
05/17/2023, 1:44 PMAnd what would be the impact with SessionAuth
hhchift
05/17/2023, 1:44 PM?
hhchift
05/17/2023, 1:44 PMthanks
r
rp_st
05/17/2023, 1:51 PMYou could add the same claim checks for session auth as well
rp_st
05/17/2023, 1:51 PMTo protect certain frontend routes based on roles
6 Views