rit-sse/WebsiteTheSSEquel

Spike: API validation with authentication and user roles


User Auth within Prisma

Problem Statement

With the storage of session data and auth information, how can we run checks on our API that will prevent non-authenticated users from calling some of our API routes?

Goal

Learn more about how Auth is handled in Next.JS and best security practices when handling auth validation among API routes

Hypothesis

Could be a simple WHERE clause in Prisma client, in which the API will fetch auth tokens and compare with the current session.

Questions

  • What are some best practices for handling/validating auth data in Next.JS?
  • How will our API validate authenticated users and role-based users?

Research Tasks

  • Look through Next-Auth documentation
  • Find other resources online that document best practices for validating auth tokens in an API
  • Find Next.JS-specific guides and documentation that mention this validation in more detail

Results and Conclusion

will be added later
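One way to answer the second question (how the API validates authenticated and role-based users), as an added example that is not from this issue or the rit-sse repository: a guard that gates an API handler on a server-side session and a required role. It assumes the session comes from next-auth's `getServerSession` (injected here as a `getSession` function so the example runs offline) and that `session.user.role` is copied from the Prisma user record in the session callback; `withAuth`, `SESSIONS` and the `deleteEvent` route are constructed for illustration.

```javascript
// Added example: a guard for Next.js (pages-router style) API handlers.
// `getSession` is injected so the guard can be exercised without a framework;
// in a real app it would wrap next-auth's getServerSession(req, res, authOptions),
// which reads the session from the server-side store, never from the request body.
// `session.user.role` is an assumption: populate it from the Prisma user record in
// the session callback, never from anything the client sends.
function withAuth(handler, { getSession, roles = [] }) {
  return async function guarded(req, res) {
    const session = await getSession(req, res);
    // Not signed in at all: 401, and the handler never runs.
    if (!session || !session.user) {
      return res.status(401).json({ error: "authentication required" });
    }
    // Signed in but lacking a required role: 403 (authenticated, not authorized).
    if (roles.length > 0 && !roles.includes(session.user.role)) {
      return res.status(403).json({ error: "insufficient role" });
    }
    return handler(req, res, session);
  };
}

// Minimal stand-in for a Next.js `res` object so the example runs offline.
function makeRes() {
  const out = { statusCode: 200, body: undefined };
  return {
    status(code) { out.statusCode = code; return this; },
    json(body) { out.body = body; return out; },
    out,
  };
}

// Constructed sessions standing in for what getServerSession would return.
const SESSIONS = {
  anon: null,
  member: { user: { id: "u1", role: "member" } },
  officer: { user: { id: "u2", role: "officer" } },
};

// Example route: only officers may call it. The session handed to the handler
// came from the server-side store, so its role claim can be trusted.
const deleteEvent = withAuth(
  async (req, res, session) => res.status(200).json({ deletedBy: session.user.id }),
  { getSession: (req) => SESSIONS[req.who], roles: ["officer"] },
);

// Drive the guarded route with a constructed request and return the response.
async function call(who) {
  const res = makeRes();
  await deleteEvent({ who }, res);
  return res.out;
}
```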

Changed tutorial link to next-auth getting started page.