2 replies

Guidance on JWT / Bearer usage for external APIs

Hi all, after some tinkering, I have JWT set up within a Nextjs app to use as a bearer token for an external api. The api uses the JWKS endpoint to validate the token. This works fine. I am looking for guidance of best implementation guidelines for security and performance. We heavily use server patterns in Next so we don't rely on nor use

authClient

authClient

, just the server api.

At the moment, if I call

auth.api.getToken

auth.api.getToken

, it issues a new token every time thus invalidating any fetch caching to the external api. I can store this token outside the request scope (variable or local storage) however this doesn't take into account expiration of the JWT token within decrypt it and checking timestamps on each request. While this works, I am wondering if there's a more efficient or more "betterauth" way of doing this. Perhaps the OIDC Provider is a better choice here?

To sum:

- External API that takes a bearer token that should verify against our main Nextjs app via JWKS
- Main Next app uses this external api and must provide a unified JWT bearer token to it
- Other external consumers (eventually) need to use a client credential flow to use the external API with bearer which in turn validates against the main Nextjs app with JWKS

Better Auth•11mo ago•

2 replies

shu-sin

Guidance on JWT / Bearer usage for external APIs

authClient

authClient

, just the server api.

At the moment, if I call

auth.api.getToken

auth.api.getToken

Guidance on JWT / Bearer usage for external APIs

Similar Threads

Guidance on JWT / Bearer usage for external APIs

Similar Threads

Similar Threads

Similar Threads