how mongodb schema looks like with supertokens?

aimproxy

07/08/2022, 7:32 PM

how mongodb schema looks like with supertokens?

rp_st

07/09/2022, 4:12 AM

Hey! We support mongodb only for the session recipe and nothing else.

rp_st

07/09/2022, 4:13 AM

We don’t have the mongodb schema documented, so the easiest way for you to see it is to connect it to the database and then create a new session.

aimproxy

07/09/2022, 10:43 AM

hey thx for reaching out

aimproxy

07/09/2022, 10:44 AM

we already use redis to store session lifetime token for shopify

rp_st

07/09/2022, 10:45 AM

ah right.

aimproxy

07/09/2022, 10:51 AM

we've been studying which technologies to use for the database and we've come to the conclusion that maybe mongodb would be a good choice, since there aren't many relationships and it looks more like the json format.

aimproxy

07/09/2022, 10:51 AM

we prefer a hosted solution so we don't have to deal with hosting

rp_st

07/09/2022, 10:51 AM

I see. In that case, you may want to use our managed service version in which we host the supertokens' db for you

rp_st

07/09/2022, 10:52 AM

So you can sign up to supertokens.com, and get a dedicated supertokens core for your app with all the features.

aimproxy

07/09/2022, 10:52 AM

hmmm. Our app ise serverless in order to do it we need a rest api to fetch the sessions

rp_st

07/09/2022, 10:55 AM

What do you mean by "we need a rest api to fetch the sessions"?

aimproxy

07/09/2022, 10:58 AM

in a serverless environment, in this case edge functions at vercel, thing have to go through rest apis indestead of libraries like @redis or @kakfa which depend from nodejs and not every nodejs function is available at the edge

rp_st

07/09/2022, 10:58 AM

hmmm i see

aimproxy

07/09/2022, 10:59 AM

in our case we have a middleware

_middleware.ts

who fetch the session from shopify and checks if the user is authenticated.

rp_st

07/09/2022, 11:00 AM

So where do you intent to integrate the supertokens' node SDK?

rp_st

07/09/2022, 11:00 AM

In a separate service? Or in the edge functions itself?

aimproxy

07/09/2022, 11:02 AM

on the edge it self, middlewares on nextjs when hosted by vercel runs on the edge

rp_st

07/09/2022, 11:03 AM

Right I see.

rp_st

07/09/2022, 11:03 AM

So in that case, you can follow our nextjs guide - it doesn't use the middleware feature yet, but uses the serverless API feature of nextjs

rp_st

07/09/2022, 11:03 AM

and you can use our session verification functions from the node SDK to do session verification easily.

aimproxy

07/09/2022, 11:04 AM

I see

rp_st

07/09/2022, 11:04 AM

Here is an example of how session verification can be done: https://supertokens.com/docs/thirdpartyemailpassword/nextjs/session-verification/in-api

aimproxy

07/09/2022, 11:15 AM

Edge middlewares are not meant for this, an edge middleware executes before a request is processed, if we your implementation requires to call an api to verify a session it is not cost effective. Instead they should interact with cookies as we do with shopify, we grab the cookie, checks if is valid and redirects to the shopify login or install page

aimproxy

07/09/2022, 11:16 AM

https://next-auth.js.org is better suited for the job

rp_st

07/09/2022, 11:18 AM

right I see. In that case, you may want to do the following: - Enable JWTs in our session. - Send the JWT to your edge functions for verification - Verify the JWT using the public key (no IO required). - Continue the execution of the edge function. For the APIs that are required by the frontend for sign in, sign up, signout etc.. you can use our backend SDK in a node process that you host somewhere.

aimproxy

07/09/2022, 11:19 AM

hmm that may work

rp_st

07/09/2022, 11:19 AM

yup!

rp_st

07/09/2022, 11:19 AM

Just curious, why don't you just use next-auth?

aimproxy

07/09/2022, 11:20 AM

I asked my self that question

aimproxy

07/09/2022, 11:20 AM

I think I just feel more secure if the authentication and session management where handled else here on a managed service

rp_st

07/09/2022, 11:21 AM

right. Alright

aimproxy

07/09/2022, 11:21 AM

with next-auth we will be kinda "hosting" authentication on edge functions

rp_st

07/09/2022, 11:22 AM

yup. That is true

aimproxy

07/09/2022, 11:22 AM

but isn't that that same when we wrap supertokens sdk to edge functions

rp_st

07/09/2022, 11:22 AM

that is.

rp_st

07/09/2022, 11:22 AM

That's why i suggested the other approach

rp_st

07/09/2022, 11:22 AM

which is just to send the JWT to edge functions and host a separate node process that uses our node SDK

rp_st

07/09/2022, 11:22 AM

in that way, you won't be hosting auth in edge functions.

aimproxy

07/09/2022, 11:23 AM

ohright!

aimproxy

07/09/2022, 11:24 AM

for my needs I don't think that we will be in any trouble because we don't have millions of customers

aimproxy

07/09/2022, 11:24 AM

logging in at the same time

rp_st

07/09/2022, 11:25 AM

yea.. and logging in / out is a relatively rare operation anyway

aimproxy

07/09/2022, 11:25 AM

I say like 70~ customers daily wont affect edge functions

rp_st

07/09/2022, 11:25 AM

that should not be a problem at all

aimproxy

07/09/2022, 11:25 AM

I may see next-auth first as it supports redis

aimproxy

07/09/2022, 11:26 AM

thx for your help

rp_st

07/09/2022, 11:26 AM

happy to help.

aimproxy

07/09/2022, 11:26 AM

this conversation is downloadable?

aimproxy

07/09/2022, 11:27 AM

i guess not

rp_st

07/09/2022, 11:28 AM

im not sure if you can do that via discord directly, but we have https://community.supertokens.com/ where this conversation will show up once this thread is archived

rp_st

07/09/2022, 11:28 AM

(it may take a day i think for it to sync up)

21 Views

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).