Discussion about the right approach to handle authentication with an external API
I am loving TanStart so far; its simplicity when implementing features is top notch.
I’ve had history with TanStack since 2020 and it never fails to disappoint.
One of the reasons I moved from NextJs is because of TanStack’s approach to CSR being the main focus.
Now back to the idea of this post.
Back in NextJs, the way I handled authentication was scary, and I believe I left a lot of use cases without taking care of them.
MetaFrameworks in general push users to use 3rd party providers like Clerk/supabase and others, but there are cases where applications have an external API that already handles that part (separate backend team), meaning that in TanStart we should only handle the part (both server and client side) to take the access_token/save it in vinxi’s session/retrieve it before calling that external server and put it in Authorization header bearer access_token.
The flow should look like this and I would love your feedback if I’m doing something wrong:
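The steps named in the post (take the access_token, keep it in a server-side session, read it back before calling the external API, send it as a bearer token), as an added example that is not part of the original post and does not use TanStack Start's or vinxi's API. The session is modelled here as an AES-256-GCM sealed cookie; the key handling, the cookie name and every function name are assumptions.

```javascript
// Added example: framework-agnostic sketch, not TanStack Start or vinxi code.
const crypto = require("node:crypto");

// Assumption: a 32-byte server-only secret; load it from configuration in real use.
const SESSION_KEY = crypto.randomBytes(32);
const COOKIE = "session"; // hypothetical cookie name

// Encrypt and authenticate the session so the browser only holds an opaque value.
function seal(data, key = SESSION_KEY) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(data), "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64url");
}

// Returns the session object, or null if the value is malformed, tampered or expired.
function unseal(value, key = SESSION_KEY, now = Date.now()) {
  try {
    const raw = Buffer.from(value, "base64url");
    const iv = raw.subarray(0, 12);
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
    decipher.setAuthTag(raw.subarray(12, 28));
    const text = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const data = JSON.parse(text.toString("utf8"));
    return data.expiresAt > now ? data : null;
  } catch {
    return null;
  }
}

// After login: put the external API's access_token into an HttpOnly cookie,
// so client-side JavaScript never reads the token itself.
function sessionCookie(accessToken, ttlSeconds) {
  const expiresAt = Date.now() + ttlSeconds * 1000;
  const value = seal({ accessToken, expiresAt });
  return `${COOKIE}=${value}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=${ttlSeconds}`;
}

// Server side only, before calling the external API: cookie -> Authorization header.
function upstreamHeaders(cookieHeader) {
  const match = new RegExp(`(?:^|;\\s*)${COOKIE}=([^;]+)`).exec(cookieHeader || "");
  const session = match && unseal(match[1]);
  return session ? { Authorization: `Bearer ${session.accessToken}` } : null;
}
```

A `null` from `upstreamHeaders` means the request has no valid session and should be sent to login instead of being forwarded to the external API.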