Next.js Discord

Advice on this authentication flow

Unanswered
MalvadoEZY posted this in #help-forum
Hi guys,
I'm still trying to figure out the best way to get this done correctly. I'm trying to create an API on NextJS that can also be consumed by my mobile app built on React Native; my main web app/API are hosted on Vercel. Ideally I would like to have httpOnly cookies for website authentication, and for mobile I was thinking of passing X-Device-Type: mobile to tell the server which type of response it should give me, so if it has that header it should return a JSON body with the access token and refresh token so I can store them in the keychain. If the user does not pass that header, it creates the httpOnly/secure cookies.
I'm also using a Redis database to invalidate access/refresh tokens if I need to.

Please give me your thoughts on this.
Thanks

0 Replies
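
The flow described in the post, as an added example that is not part of the original thread: one login step that returns the tokens in a JSON body when `X-Device-Type: mobile` is present and sets HttpOnly/Secure cookies otherwise, with a `Map` standing in for the Redis revocation store. The function names, cookie names, TTLs, refresh path and opaque-token format are assumptions.

```javascript
// Added example; all names, TTLs and cookie names are assumptions.
const { randomBytes } = require("node:crypto");

const ACCESS_TTL = 15 * 60, REFRESH_TTL = 30 * 24 * 3600; // seconds (assumed)
const store = new Map(); // stand-in for Redis: token -> { userId, kind, exp }

function issueTokens(userId, now = Date.now()) {
  const mint = (kind, ttl) => {
    const token = randomBytes(32).toString("hex");
    store.set(token, { userId, kind, exp: now + ttl * 1000 });
    return token;
  };
  return { accessToken: mint("access", ACCESS_TTL), refreshToken: mint("refresh", REFRESH_TTL) };
}

const cookie = (name, value, maxAge, path) =>
  `${name}=${value}; Max-Age=${maxAge}; Path=${path}; HttpOnly; Secure; SameSite=Lax`;

// Call after credentials are verified. `headers` has lowercase keys.
// X-Device-Type is client-supplied: it picks the response format, nothing else.
function loginResponse(headers, userId) {
  const tokens = issueTokens(userId);
  const base = { status: 200, headers: { "Cache-Control": "no-store", "Content-Type": "application/json" } };
  if ((headers["x-device-type"] || "").toLowerCase() === "mobile") {
    // Mobile: tokens in the JSON body (for Keychain storage), no cookies.
    return { ...base, cookies: [], body: JSON.stringify(tokens) };
  }
  // Web: tokens only in HttpOnly cookies; the body carries nothing secret.
  return { ...base, body: JSON.stringify({ ok: true }), cookies: [
    cookie("access_token", tokens.accessToken, ACCESS_TTL, "/"),
    cookie("refresh_token", tokens.refreshToken, REFRESH_TTL, "/api/auth"), // assumed refresh path
  ] };
}

// Accept a Bearer header (mobile) or the cookie (web), then check the store so
// that deleting an entry revokes the token at once.
function authenticate(headers, now = Date.now()) {
  const bearer = /^Bearer (.+)$/.exec(headers["authorization"] || "");
  const fromCookie = /(?:^|;\s*)access_token=([^;]+)/.exec(headers["cookie"] || "");
  const token = bearer ? bearer[1] : fromCookie ? fromCookie[1] : null;
  const entry = token ? store.get(token) : undefined;
  if (!entry || entry.kind !== "access" || entry.exp <= now) return null;
  return entry.userId;
}

const revoke = (token) => store.delete(token);
```

In a Next.js route handler the returned object would be mapped onto the response, with each entry of `cookies` sent as its own `Set-Cookie` header.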