I have the following setup:
auth.myapp.tld - auth service (Next.js) with the better-auth backend, DB and sign-in / sign-up pages
app.myapp.tld - the app (Next.js) that is "protected" by auth but has its own DB
api.myapp.tld - the API that is "protected" by auth but has its own DB
app2.another-domain.tld - let's say an on-premise setup, but otherwise the same app as app.myapp.tld
I was hoping to use JWT tokens to authenticate requests to auth.myapp.tld from both client and server components of my Next.js application, but the requests (e.g. getSession) only work on the client (presumably because they use cookies and not the Authorization header). I want to be able to, e.g., get the user's information and their active organization in a request to app.myapp.tld/api based on the token in the header.
It seems like the bearer plugin could be used instead, but I'm not sure.
What would be the right approach? What are the security implications?