Hi, quick Q about how to authenticate the user for an API. Do I understand right that I either:
- don't do anything on the frontend and I check the cookie's validity on the backend (the cookie is an opaque token, right?)
- or I generate a JWT token in the frontend and then in the backend I just simply verify + decode it?
Does the first solution require a network request to get the user from a cookie string, or is it somehow encoded into it, like with JWTs?
rp_st
01/14/2023, 4:12 AM
Hey @hyperknot
rp_st
01/14/2023, 4:12 AM
The access token cookie is a signed cookie. So the verification is stateless.
rp_st
01/14/2023, 4:13 AM
You can use our backend SDK’s verifySession function to verify the access token (as mentioned in our docs).
SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).