Hi, quick Q about how to authenticate the user for an API. Do I understand right that I either:
- don't do anything on the frontend and I check the cookie's validity on the backend (the cookie is an Opaque token right?)
- or I generate a JWT token in the frontend and then in the backend I just simply verify + decode it?
Does the first solution require a network request to get the user from a cookie string, or it's somehow encoded into it, like with JWTs?