code100x/cms

feature: Move auth to be jwt only

Closed this issue · 3 comments

We need to move off of next auth since we want to support react native.
This would mean we use a simple cookie based auth for nextjs and jwt based auth for mobile apps.

Whenever the user signs in, we set the cookie on the domain for the browser.

If the user logs in from mobile (/api/signin/mobile), they get back a JWT that they can send in every future request to authenticate themselves.

working on this

@devsargam we're thinking of keeping next auth
And along with it introducing another endpoint that mobile can hit and get back a jwt

That way we don't have to touch the existing web code, can just expose an extra /signin/mobile endpoint for mobile

At the API route level we should update the middleware to check both next auth/authorization header

Can I work on this? @hkirat @devsargam This looks like a good issue to me.