How to secure the api route in the custom backend with next auth

[kaisiant]

To make it clear, what I mean is how can I know the user is authenticated in my backend (adonisjs) when users using google/facebook sign in.

Is it I need put the access_token in the request header and checking their session in the database?

[leo-petrucci]

I usually just use getSession and pass it the context of my request. I'm not familiar with adonisjs, but I assume it would work similarly.

[lionelrudaz]

@creativiii you mean by sending the content of getSession in the headers of your HTTP request?

@kaisian97 for the moment, I've created my own JWT that uses the same encoding on the client and on the server (I have a Rails API). Like that I can decode the JWT on the server and know which user it is.

I think the discussion I have with @balazsorban44 in here could interest you #3366