Understanding Next-Auth's role in my app.
Hi everyone, I'm working on my first project with the T3 stack, and apart from TypeScript, Next.js, Prisma, and Tailwind, the rest is pretty new to me. I have already created the signup and login flow with tRPC and Next-Auth, but I'm in serious doubt about whether my understanding of what Next-Auth is for is correct. I mean, I'm using MongoDB but a JWT strategy for the session. I'm using the credentials approach as it is a requirement from the project. I'm using Next-Auth for the login process and to pass required data to be used in the frontend through the session, but nothing else other than that. Should I be using any token somewhere? Or is just using a protected procedure with tRPC enough for security? I'm really used to the "old way" of doing backend where you send the access token as part of the header to validate permissions. Also, the refresh token as part of the cookies and a lot of strategies like token rotation and token reuse. I'm not using any of that, or at least as far as I know, so I'm really confused and insecure about my app's security.
