I've got a question about JWTs. I'm using NextJS integration with sessions and JWTs. I have another service (on another domain) I would like to be able to make authenticated API requests to. Could I just pass the JWT in a header to that other service and verify the JWT against the nextjs JWKS endpoint? You folks are the auth experts, is this ok? Not ok? Hard? Easy? Stupid?
11/28/2022, 6:02 PM
yea absolutely! that works well.
11/28/2022, 6:03 PM
Just a q, is this middleware something that would be useful in supertokens-node? Or is it really a "you could do it this way, but we don't want to particularly endorse it"
11/28/2022, 6:05 PM
> is this middleware something that would be useful in supertokens-node?
What do you mean?
11/28/2022, 6:18 PM
I see supertokesn-node has verifySession middleware in supertokens-node, but there's no verifyToken or verifyJWT middleware. Would it be useful? Honestly, I'm loving supertokens so much, I'm angling to contribute in any way I can
11/29/2022, 5:43 AM
there is no such middleware at the moment, but we are working on it soon.
Essentially have a version of getSession which takes the access token as an input