ippo
How would you implement basic auth session tokens with tRPC?
JWT is just bad for authentication and was never designed as an authentication tool.
JWT is an authorization tool by design.
(if you are interested I can give you tons and and tons of evidence, articles etc.)
Here is a light read:
http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
next-auth uses JWTs for its session strategy and as far as I know, there is not really a good and flexible cookie-session next.js alternative
so what should you do?
If you want to (and also should) use session cookies for authentication go with express-session.
In that case you need a custom next.js server that you can easily setup.
If you have that you can use all battle tested express modules and have your custom and extremely custom authentication and authorization logic that you can imagine.
The other benefit is that you can use sockets easily in your nextjs/trpc app
10 replies