My backend isn't based on Node, Go or Python, so I have the auth backend written separately in Node. The auth backend will be proxied based on the route. I'd like to secure my api backend apis, so I will call an api from my api backend to the auth backend, say api/auth/verify-session, and use Session.getSession() in the auth backend to verify the session. I'd like to know what all should be forwarded from the api backend to the auth backend, session cookie is one? Also is that data that should be forwarded subject to change? Am I using an internal implementation detail that can break?
rp_st
01/08/2023, 5:57 PM
Hey @aktopian
rp_st
01/08/2023, 5:58 PM
A better way would be to enable JWT in the auth server with the session recipe
rp_st
01/08/2023, 5:58 PM
And pass the JWT to your application api server from the frontend.
rp_st
01/08/2023, 5:58 PM
That server then verifies the JWT using any JWT verification lib. No need to call the auth server and do getSession in that.
SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).