Skip to content
Back

I am sooo lost..

  • 0
  • Databases
  • Auth
  • Web
  • Cloud
Adanalee01
12 Jan, 2025, 10:57

I have so many questions so even if you answer 1 of them it would be amazing. First of all, I'm using next.js. I have a sign in with google button to login.

  1. Is the providerAccessToken something that should be kept private (aka server-sided)?
  2. Can I access a users providerAccessToken or their session by their userid from the backend?
  3. How can I verify that the user is actually the user that made the request in my backend?
  4. I want to assign some groups to the user so they will have access to group1 and group2 for example. Do I need to create a new database for that? If yes, in what format. would (userid, groups) be enough?

I had more questions but I don't remember them now. I'll create another topic If I remember.

Extra notes: I don't want to update my database directly from client to appwrite since I want to verify/edit some data before updating the database.

TL;DR
1) Yes, the providerAccessToken should be kept private on the server-side. 2) You can access a user's providerAccessToken and session from the backend using their userID. 3) To verify the user's identity in the backend, use the userID or a secure token sent from the client. 4) You may need a new database to assign groups to users, a format like (userID, groups) could be sufficient. Extra: To avoid updating the database directly from the client, verify and edit data before updating using appwrite.
Reply

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more