feature: Move auth to be jwt only
Closed this issue · 3 comments
We need to move off of next auth since we want to support react native
This would mean we use a simple cookie
based auth for nextjs and jwt based auth
for mobile apps.
Whenever the user signs in, we set the cookie on the domain for the browser.
If the user logs in from mobile (/api/signin/mobile) , they get back a JWT that they can send in every future request to authenticate themselves.
wokring on this
@devsargam we're thinking of keeping next auth
And along with it introducing another endpoint that mobile can hit and get back a jwt
That way we dont have to touch the existing web code, can just expose an extra /signin/mobile endpoint for mobile
At the API route level we should update the middleware to check both next auth/authorization header
Can I work on this? @hkirat @devsargam This looks like a good issue to me.