https://supertokens.com/ logo
Title
h

hyperknot

01/13/2023, 7:51 PM
Hi, quick Q about how to authenticate the user for an API. Do I understand right that I either: - don't do anything on the frontend and I check the cookie's validity on the backend (the cookie is an Opaque token right?) - or I generate a JWT token in the frontend and then in the backend I just simply verify + decode it? Does the first solution require a network request to get the user from a cookie string, or it's somehow encoded into it, like with JWTs?
r

rp

01/14/2023, 4:12 AM
Hey @hyperknot
The access token cookie is a signed cookie. So the verification is stateless.
You can use our backend sdk’s verifySession function to verify the access token (as mentioned in our docs)