https://supabase.com/ logo
#off-topic
Title
# off-topic
a

Adi

11/24/2021, 5:49 PM
Can I use supabase just for authentication purpose? Lets say I have 2-3 nodejs services which I want to connect to frontend. (Note: These backend services are written in nodejs which makes use of redis mongodb job scheduler etc) Now how will backend nodejs services understand that data requested by frontend user is authenticated? Assume I want to connect multiple services like payment/checkout, job scheduling service (which uses nodejs+redis) etc. Should I do something similar mentioned in this discussion: https://github.com/supabase/supabase/discussions/2125 Any other suggestions or best practices to follow in such scenario? Thanks in advance 🙂
s

Scott P

11/24/2021, 6:23 PM
With every request, I believe you would check the headers for the auth token, and using the JWT available from the dashboard, you'd decode the contents of the header. This will give you details about the user that's attempting to access the service.
a

Adi

11/24/2021, 6:57 PM
s

Scott P

11/24/2021, 8:29 PM
Yeah, that seems right. The first link would be used if you wanted to act like a different user. The second link seems to explain the process of decoding the token, so you'd take the steps in the second link to attain the
sub
property (which is the user ID in the DB). You can then use this in your other services - e.g. if you've got some Stripe backend somewhere, you could use this to assign a Stripe payment to the correct user.
a

Adi

11/24/2021, 8:51 PM
Is it ok if I store the JWT secret provided by supabase on my backend services which are in Nodejs and Golang for validating the jwt token
Also once access token is sent to backend service is there any expiry or something? basically I will be sending session.access_token to backend once user sign in is successful
Any suggestions on this ?? @User above points are correct right?