Accessing client-side session data in RSC context?
Unanswered
American Curl posted this in #help-forum
American CurlOP
Hey everyone,
I'm looking for help with my app router Next.js app using RSC and Clerk for authentication, and leveraging authenticated session to pass through an authorization header for an API request
My app uses RSC and server actions to fetch data via GraphQL, and all routes are protected, requiring user authentication. The dynamic data on these routes depends on the user's session token. When using client components, getting the session token is free and easy. However, with RSC, I need to use Clerk's server-side functions to retrieve the session token for each request to pass through the authorization header of the GraphQL query.
The problem: I'm hitting rate limits due to too many concurrent requests for session tokens on the server-side. I wouldn't have this problem if I could pass the session token directly from the client through to the RSC or even the server action, but unfortunately the entry points for all my routes are server side. I get route protection through middleware, but doesn't seem I can get the actual session token through to the RSC. I've tried caching the session token on the server, but the cache key depends on the user ID to be unique among users, which requires the backend API clerk call, defeating the purpose of the cache.
One solution could be to move everything to a client component and do client side fetching, which I really don't want to do because we've worked really hard to make use of the RSC benefits. I've had a couple other ideas of "hacks" that would help the problem but ultimately don't solve the problem entirely
Has anyone dealt with a similar issue or have any suggestions on how to handle this more efficiently? Any insights on best practices for managing authentication in RSC-heavy applications would be greatly appreciated.
Thanks in advance for any help or direction you can provide!
I'm looking for help with my app router Next.js app using RSC and Clerk for authentication, and leveraging authenticated session to pass through an authorization header for an API request
My app uses RSC and server actions to fetch data via GraphQL, and all routes are protected, requiring user authentication. The dynamic data on these routes depends on the user's session token. When using client components, getting the session token is free and easy. However, with RSC, I need to use Clerk's server-side functions to retrieve the session token for each request to pass through the authorization header of the GraphQL query.
The problem: I'm hitting rate limits due to too many concurrent requests for session tokens on the server-side. I wouldn't have this problem if I could pass the session token directly from the client through to the RSC or even the server action, but unfortunately the entry points for all my routes are server side. I get route protection through middleware, but doesn't seem I can get the actual session token through to the RSC. I've tried caching the session token on the server, but the cache key depends on the user ID to be unique among users, which requires the backend API clerk call, defeating the purpose of the cache.
One solution could be to move everything to a client component and do client side fetching, which I really don't want to do because we've worked really hard to make use of the RSC benefits. I've had a couple other ideas of "hacks" that would help the problem but ultimately don't solve the problem entirely
Has anyone dealt with a similar issue or have any suggestions on how to handle this more efficiently? Any insights on best practices for managing authentication in RSC-heavy applications would be greatly appreciated.
Thanks in advance for any help or direction you can provide!