Authorization in next js with supabase auth.
Unanswered
Silver posted this in #help-forum
SilverOP
currently my apis are publicly available. How can I protect them?
- May be we can use jwt and store the token in localstorage and then in middleware will decode the token and verify the user.
But I dont know is this a best way to do it or not?
If any one got the idea, please do respond
- May be we can use jwt and store the token in localstorage and then in middleware will decode the token and verify the user.
But I dont know is this a best way to do it or not?
If any one got the idea, please do respond
10 Replies
Southeastern blueberry bee
Personally, I use JWTs to restrict access to certain routes (pages), and for APIs (route handler), I simply sanitize the inputs.
But if you're exposing your API explicitly to end users through your app's documentation, it makes sense to implement tokens
SilverOP
can you please give me some docs or anything that how can I build it
@Southeastern blueberry bee
Southeastern blueberry bee
@Silver if you use suapbase, you have all apis for authentication & authorization
import { redirect } from 'next/navigation'
import { createClient } from '@/utils/supabase/server'
export default async function PrivatePage() {
const supabase = createClient()
const { data, error } = await supabase.auth.getUser()
if (error || !data?.user) {
redirect('/login')
}
return <p>Hello {data.user.email}</p>
}see how supabase doc recommends checking in the page
@Silver