Back
User Authentication through REST API
Hey everyone, I’m looking for some guidance on the best way to authenticate frontend requests to my API gateway using Appwrite sessions.
Right now, I'm trying to move away from using Appwrite's JWT tokens (since they expire every 15 minutes and that’s not ideal for scalability) and instead validate user sessions on the backend.
I'm running into some challenges:
TypeScript
I’m not totally sure the best way to retrieve and validate the session ID from the frontend.
I’m also seeing errors like the user missing the "account" scope, but not sure if that’s a setup issue or expected behavior.
If anyone has experience with validating Appwrite sessions on a backend (outside of Appwrite's client SDKs) or designing scalable auth flows with Appwrite, I’d love any advice, best practices, or examples you can share.
Thanks so much!
TL;DR
Developers seeking guidance for authenticating frontend requests to an API gateway via Appwrite sessions. They aim to move away from JWT tokens to backend session validation for improved scalability. Challenges include retrieving and validating session IDs on the frontend, as well as encountering errors relating to missing scope ("account"). Seeking advice, best practices, and examples for validating Appwrite sessions on a backend or designing scalable authentication flows.