-
I've been struggling with this for days now and I really don't want to use API routes, as I prefer to keep the UI and backend separate for future scalability. I've created a Google sign-in which creates the user in my local Postgres. This works fine. What I want is to be able to hit some GraphQL resolvers on a separate Express server and check that the next-auth user is allowed to access these resources. I haven't touched on authorisation in the past as the code had already been developed, so this is a major stumbling block for me 😔 I figure I need something like the following?
Is this right or am I missing the point? Everything seems to point towards API routes, so there's no information on using an external server for authorisation. I would REALLY appreciate any examples, links, tutorials of how to do this, whether from a source or your own. If you have Discord, even better. Happy to pay a small sum as well! I need to get this working fast and I'm desperate at this point!!
Replies: 2 comments 1 reply
-
I ended up using API routes, as using a separate backend for authorisation doesn't seem to be supported, or the knowledge isn't available. It seems to be a common issue with no answers.
-
This is how most OAuth providers work. They issue an access_token for your user which you save in either a JWT or a DB. When contacting your external API, you just attach the access token, and on the API you verify/decrypt the JWT and see if the scopes/permissions are in place for the action.