Replies: 2 comments
-
Maybe I could somehow use the |
Beta Was this translation helpful? Give feedback.
0 replies
-
Anyone know a good approach? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Your question
I have searched the issues list but couldn't find an answer, I was wondering if there is any best/advised approach to expose API routes for
offline_access
? Basically, I would like to be able to use some of my API routes by passing a token e.g. API Token. I am imagining to like an API token to a user which gets generated for the user after they have signed up. Only I am wondering what the best approach to support this?I am having the feeling this would require implementing my own auth provider and then use the
createVerificationRequest
-method to get the API key which can be shared with the consumer of the API routes say they can pass it with their network requests. Only I am not fully understanding how these network requests will be validated against the generated token.Are there any examples or advise how to support this case? Should I somehow call
getSession
and if there is no session, check the HTTP headers in the request and try to lookup the user which matches the API key passed through the headers? Somehow that feels like misusing theVerificationRequest
database table.What are you trying to do
I am trying to expose my protected API routes so they can be used within my Next.js website and login by email/Google Login but at the same time people should be able to pass a API key in the Authorization/HTTP headers to authenticate themselves to the API routes can be called. E.g. think similar to https://stripe.com/docs/api/authentication
Feedback
Documentation refers to searching through online documentation, code comments and issue history. The example project refers to next-auth-example.
Beta Was this translation helpful? Give feedback.
All reactions