I have a Go backend and I am building a React frontend. I have successfully followed the guide to add orysh auth to the frontend, but the backend would of course still happily execute any incoming request. I would expect to have access to a JWT or something to send to the backend, validate it there with a public key and then process the request. There is no information on how to do this in the React guide. I found this: https://www.ory.sh/docs/kratos/session-management/check-session

Should I follow the React guide, then send the requests with the cookies to the backend server and use the method described there to find and check the user, or is there a better way / are there security issues with this approach?
Replies: 1 comment
Sorry for the late reply @niwla23 !
Yes, this is the right approach. It is the most secure way to do it! We also have on the roadmap an endpoint to exchange the session for a short-lived JWT, but this has some difficult security implications which we first need to iron out :)
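
The cookie-forwarding check discussed in this thread, sketched as Go middleware; this is an added example, not code from the original posts or from Ory. It forwards the browser's `Cookie` header to Kratos' `/sessions/whoami` endpoint and rejects the request unless Kratos returns an active session. `RequireSession`, `AuthedHandler` and the Kratos URL `http://127.0.0.1:4433` are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"net/http"
	"time"
)

// session holds the only fields of the whoami response that this example reads.
type session struct {
	Active   bool                              `json:"active"`
	Identity struct{ ID string `json:"id"` } `json:"identity"`
}

// AuthedHandler (hypothetical name) also receives the verified identity ID.
type AuthedHandler func(w http.ResponseWriter, r *http.Request, identityID string)

var kratos = &http.Client{Timeout: 5 * time.Second}

// RequireSession forwards the caller's cookies to Kratos and fails closed.
func RequireSession(kratosURL string, next AuthedHandler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		req, err := http.NewRequestWithContext(r.Context(), http.MethodGet, kratosURL+"/sessions/whoami", nil)
		if err != nil {
			http.Error(w, "session check failed", http.StatusInternalServerError)
			return
		}
		req.Header.Set("Cookie", r.Header.Get("Cookie"))
		resp, err := kratos.Do(req)
		if err != nil {
			http.Error(w, "session check unavailable", http.StatusServiceUnavailable)
			return
		}
		defer resp.Body.Close()
		var s session
		if resp.StatusCode != http.StatusOK || json.NewDecoder(resp.Body).Decode(&s) != nil || !s.Active || s.Identity.ID == "" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next(w, r, s.Identity.ID)
	})
}

func main() { // assumes Kratos' public API is reachable at 127.0.0.1:4433
	hello := func(w http.ResponseWriter, r *http.Request, id string) { w.Write([]byte("hello " + id)) }
	http.ListenAndServe(":8080", RequireSession("http://127.0.0.1:4433", hello))
}
```

The browser only sends the session cookie to the backend if the backend is served from a domain the cookie is scoped to and the frontend sends its requests with credentials included.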