Use JWT to allow Client Side interactions after SSR Auth?
Hello everyone, I am rebuilding a CSR only application with NextJS to leverage SSR strategically so I can fetch certain data on the server and distribute it to all users equally. I figured if I have SSR its beneficial, security wise, to use SSR Authentication, right? That works well with Appwrite so far, cookie is stored and I can make requests. However, I cannot seem to figure out how to also allow the client to access appwrite directly via the clientSDK (to use server resources efficiently and improve performance I want to keep the majority of api calls on the client side).
cookieStorage.set(`a_session_${BACKEND_PROJECT}`, session.secret, { httpOnly: true, secure: true, sameSite: "none", maxAge: Math.floor( (new Date(session.expire).getTime() - Date.now()) / 1000 ), path: "/", domain: BACKEND_DOMAIN, });
I found this somewhere here in the support thread to store a cookie with the session secret in its name and the backend domain as domain (e.g. appwrite.io). However, as I am developing on localhost I cannot set that cookie. I have been searching for countless hours now trying to figure out a best practice to authenticate using SSR and using CSR for majority of data requests. Can someone please help me and shine some light? Neither Appwrite Docs nor NextJsDocs nor ChatGPT were any help. Appreciate it and thanks a lot 🙂
Or would the better approach be to authenticate with CSR and then use a JWT where beneficial to handle requests via the server?
