Should I pass token from client to API (Which will use Supabase) via Query Parameters?
Hello, potential noob question here.
I'm trying to use my API to query supabase. To do this, I need to pass the auth JWT token from the client to the API first. Upon researching the safety of this method, I came across this SO post: https://stackoverflow.com/questions/32722952/is-it-safe-to-put-a-jwt-into-the-url-as-a-query-parameter-of-a-get-request.
The top answer mentions the conditions in which this method is safe to do. Does supabase implement these, subsequently making passing the token via query parameter ok?
If this is not the correct method, how should this be done? If possible, via method that still involves the API, and not doing client-supabase query directly.
I'm trying to use my API to query supabase. To do this, I need to pass the auth JWT token from the client to the API first. Upon researching the safety of this method, I came across this SO post: https://stackoverflow.com/questions/32722952/is-it-safe-to-put-a-jwt-into-the-url-as-a-query-parameter-of-a-get-request.
The top answer mentions the conditions in which this method is safe to do. Does supabase implement these, subsequently making passing the token via query parameter ok?
If this is not the correct method, how should this be done? If possible, via method that still involves the API, and not doing client-supabase query directly.
Stack Overflow
Is it safe to put a jwt (json web token) into the url as a query parameter of a GET request?
