issue with creating JWT with REST API

Only one more question. When i have session and i send it to server, is there any way to use that session to authorizate the user? Not by creating JWT.

TL;DR

User is asking for help with creating JWT using REST API. They mention using the server-side SDK and ask if they can set cookies with the Appwrite SDK. Another user explains that they can authenticate as a user using either JWT or cookies. They suggest storing the cookie and reusing it for subsequent requests. The user asks how to authenticate the user on the server-side without using JWT, and another user clarifies that they can use the cookie for authentication. The conversation continues with additional questions and explanations. Solution: Store the cookie from the authentication process and reuse it for subsequent requests to authenticate the user on the server-side.

Yes, for that you'll need to do all the login process with a cookie jar. Check this example for a demo.

Btw

What is your use case?

I am sorry for missunderstanding. But this still works by creating JWT on server-side

You're correct in that example you can see 2 things

The cookie jar
The JWT which you can ignore

i log in by email on server-side then session saves in cookies on client. Then client sends cookies in headers to server (i am using SSR-sveltekit) and then server should authorizate the user

Okay, that should work

Something like this?

yes exactly, then server sends fallback cookie to user and user back to server during fetch

Good So store that cookie some whare and you can reuse it to auth the user in subsequent requests

And you won't need the JWT

yes but how will i be able to act like user on server-side without JWT (only with session) ? You were creating JWT in your example

Yes, but that is only because in that example he wanted to have JWT. It's like this 👇 When you want to access Appwrite resources as a user you'll need to be authenticate, you can do it in one of two ways

JWT, which you need to regenerate every 15 minutes
Cookie, which you need to regenerate after the session timeout has passed which is very long. As you're already doing by adding the X-Fallback-Cookies header like you can see here, you're actually being authenticate as the user. meaning, you can do any REST action on behalf of that user.

Is this make sense?

Yes i am sorry. But can i set cookies on your appwrite SDK?

Thank you very much. This is what i am doing for REST API

What you mean? using the Web SDK?

no no server node.js SDK

Nope, The server SDK supports only the Server side endpoints, so you'll have to use the either the client-side Web sdk or the pure REST like you're already doing.

Also, Check the <:svelte:877959666238386257> Almost-ssr by Meldiron which uses the SDK to login from the server side.

Yes, thank you very much. Maybe i will be looking for another sollutions

Yes thank you, i know i used it

Thank you very much for all your help <:appwriteheart2:1073243188954935387>

<a:agooglethumbsup:635256484682530825>

Reply to this thread by joining our Discord

Reply on Discord