Correct way to create webhooks
Hi everyone. Just want to know the best practice around creating a webhook. I want to send a POST request to my other server (I have a Django server I’m using for a few protected APIs) that will only happen when a new user is created. Would I use an after hook for this? I want to send some nonsensitive user information (user name, email, user id) and store it in Django. Then when a user makes a request to my other API I can verify their identity and authentication state with JWT and JWKs.
17 Replies
yeah you can either use hooks or db hooks
https://www.better-auth.com/docs/concepts/hooks
https://www.better-auth.com/docs/concepts/database#database-hooks
Awesome thank you @bekacru I’ll run it.
@yoyojoe Were you able to make it run with your django backend? I'm evaluating more light-weight solutions to this problem than SCIM.
Yep, I was able to get it to work, but it was a hassle and I was overcomplicating everything.
So it's still too complicated or now usable? Any chance to see django endpoint implementations, or learnings from it?
Yeah I would need to know more about your use case. All I did was build an endpoint in django to ingest user data from better-auth. I passed user data from the dbhook to the django endpoint.
Ok, thanks. We are using https://pypi.org/project/djangorestframework-jwt/ (actually vendored it for newer django) and I wonder what you used to verify better-auth tokens after a django user was created.
(Note: I'm not our django dev, mainly testing the waters how to unify auth across microservices)
Ah I see. Are you trying to use better auth as a centralized authentication system? Do you just want to secure your Django endpoints so that only authenticated users can access those endpoints?
Yes.
Ah gotcha. What I did for this is created a middleware in Django that verifies the JWT sent by better-auth using the JWKs endpoint that the better-auth JWT plugin creates.
So you call back better-auth in this django middleware (on each protected request)?
That's one way to do it (simplest but could cause some bottlenecks) but you can also cache the JWKs because they almost never change.
Actually better-auth has some decent documentation on using remote JWKs vs caching JWKs to verify a JWT. I used the docs and rewrote it in Python. I think I have it somewhere
This is the approach/plugin docs you mentioned: https://www.better-auth.com/docs/plugins/jwt#verifying-the-token ?
Yep exactly. I can’t find what I wrote atm but I used Django rest framework and then created a custom auth class. I think drf docs are pretty good about it too
Then you just put that class on the endpoints you want the middleware to run
Thanks so much. Maybe you can share a gh gist of this, if it is found? Do you still use it in some project?
(sry for asking so much 🙂)
No, all good. Let me see later this week. Ping me if you’re still having problems.
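As an added example (not code from any participant in this thread or from better-auth): a JWKS cache for the verifying service, as discussed above, that refetches only when the cache expires or when a token names an unknown `kid`, with a cooldown between refetches. The `fetch_jwks` callable, the timing defaults and the sample token are assumptions; signature verification itself is left to a JWT library.

```python
import base64
import json
import time

def unverified_kid(token):
    """Read `kid` from the JWT header. Untrusted until the signature is verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    padded = parts[0] + "=" * (-len(parts[0]) % 4)
    header = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(header, dict) or not isinstance(header.get("kid"), str):
        raise ValueError("token header has no usable kid")
    return header["kid"]

class JwksCache:
    """Keeps the JWKS in memory so protected requests do not call the auth server."""

    def __init__(self, fetch_jwks, max_age=3600.0, cooldown=60.0, clock=time.monotonic):
        self._fetch = fetch_jwks  # hypothetical callable returning {"keys": [...]}
        self._max_age, self._cooldown, self._clock = max_age, cooldown, clock
        self._keys, self._fetched_at = {}, None

    def _refresh(self):
        doc = self._fetch()
        self._keys = {k["kid"]: k for k in doc.get("keys", []) if "kid" in k}
        self._fetched_at = self._clock()

    def key_for(self, token):
        kid = unverified_kid(token)
        age = None if self._fetched_at is None else self._clock() - self._fetched_at
        if age is None or age > self._max_age:
            self._refresh()  # first use, or cache expired
        elif kid not in self._keys and age > self._cooldown:
            # Unknown kid may mean key rotation. The cooldown keeps tokens with
            # made-up kids from forcing a fetch on every request.
            self._refresh()
        if kid not in self._keys:
            raise LookupError(f"no JWKS key with kid {kid!r}")
        return self._keys[kid]

def sample_token(kid):
    """Constructed, unsigned token used only to exercise the header parsing."""
    header = json.dumps({"alg": "EdDSA", "kid": kid}).encode()
    return base64.urlsafe_b64encode(header).rstrip(b"=").decode() + ".e30.sig"
```

The JWK returned by `key_for` still has to be passed to a JWT library that checks the signature, expiry, issuer and audience; the cache only selects the key.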