Protecting API Routes Azure AD #5061
Unanswered
jamesderrick
asked this question in
Help
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I'm currently using next-auth with the AzureADProvider
Client side authentication is working fine as far as I know
However, I really want to be able to lock down the API routes so you have to have a session to be able to use them.
I'm using
unstable_getServerSessionin the API routes, which does a good job of blocking the API route if my browser doesn't have an active session.But how would an external website (or application like postman) that wanted to call these APIs be able to have an active session?
Beta Was this translation helpful? Give feedback.
All reactions