Spike: API validation with authentication and user roles
Closed this issue · 2 comments
sjv01180 commented
User Auth within Prisma
Problem Statement
With the storage of session data and auth information, how can we run checks on our API that will prevent non-authenticated users from calling some of our API routes?
Goal
Learn more about how auth is handled in Next.js and best security practices when handling auth validation in the API
Hypothesis
Could be a simple WHERE clause in the Prisma client, in which the API will fetch auth tokens and compare them with the current session.
Questions
- What are some best practices for handling/validating auth data in Next.JS?
- How will our API validate authenticated users and role-based users?
Research Tasks
- Look through Next-Auth documentation
- Find other resources online that document best practices for validating auth tokens in an API
- Find Next.js-specific guides and documentation that mention this validation in more detail
Results and Conclusion
will be added later
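As an added illustration of the check the problem statement asks about (not code from this issue or the project): a guard that rejects unauthenticated callers before a Next.js-style API route handler runs and enforces a role read from the server-side session, never from the request. `withAuth`, the injected `getSession` and the `user.role` field are assumptions; the response stub and requests are constructed for the example.

```javascript
// Added example: deny-by-default guard for Next.js-style API route handlers.
// Assumption: `getSession(req)` resolves the session server-side (e.g. a thin
// wrapper around next-auth's getServerSession) and the session carries `user.role`.
function withAuth(handler, { getSession, roles = [] }) {
  return async function guarded(req, res) {
    const session = await getSession(req);
    if (!session || !session.user) {
      // Not authenticated: 401, and the handler never runs.
      res.status(401).json({ error: "unauthenticated" });
      return;
    }
    if (roles.length > 0 && !roles.includes(session.user.role)) {
      // Authenticated but lacking the required role: 403.
      res.status(403).json({ error: "forbidden" });
      return;
    }
    // Hand the verified session to the handler so it never re-derives identity from the request.
    return handler(req, res, session);
  };
}

// Minimal stand-in for the Next.js `res` object (constructed for this example).
function makeRes() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (payload) => { res.body = payload; return res; };
  return res;
}

// Example route: only admins may list users. The session comes from `req.session`
// here purely so the example runs offline; a real route would call the auth library.
const listUsers = withAuth(
  async (req, res, session) =>
    res.status(200).json({ users: ["alice", "bob"], requestedBy: session.user.name }),
  { getSession: async (req) => req.session ?? null, roles: ["admin"] }
);

// Run the route against three constructed requests and return the status codes.
async function demo() {
  const cases = [
    { session: null },                                        // anonymous caller
    { session: { user: { name: "bob", role: "member" } } },  // signed in, wrong role
    { session: { user: { name: "alice", role: "admin" } } }, // allowed
  ];
  const results = [];
  for (const req of cases) {
    const res = makeRes();
    await listUsers(req, res);
    results.push(res.statusCode);
  }
  return results; // [401, 403, 200]
}
```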
PokeJofeJr4th commented
sjv01180 commented
Changed tutorial link to next-auth getting started page.