Stateless fully-authed SSR
Hi there,
I maintain a tanstack router app that is fully authed, which uses an external OIDC provider to handle session state, as the provider returns an OIDC token, which I use to make to make requests to a separate backend. I'm trying to explore whether this is possible in an SSR environment, as I want initial loads to avoid waterfalls.
The thing I keep getting hung up on is how to handle making requests to my actual backend. On initial load, it can use the token to hydrate the page, and If I'm storing my OIDC token in SessionStorage, I can directly make API requests to the backend on the client-side. However, if stored as a HTTP Only cookie, I can't access that client-side, but I can intercept any request via a generic ServerFn and use the cookies to add an authorization token to then hit my backend, but that would add an extra hop.
Anyone have any recommendations for how to do this pattern?
I maintain a tanstack router app that is fully authed, which uses an external OIDC provider to handle session state, as the provider returns an OIDC token, which I use to make to make requests to a separate backend. I'm trying to explore whether this is possible in an SSR environment, as I want initial loads to avoid waterfalls.
The thing I keep getting hung up on is how to handle making requests to my actual backend. On initial load, it can use the token to hydrate the page, and If I'm storing my OIDC token in SessionStorage, I can directly make API requests to the backend on the client-side. However, if stored as a HTTP Only cookie, I can't access that client-side, but I can intercept any request via a generic ServerFn and use the cookies to add an authorization token to then hit my backend, but that would add an extra hop.
Anyone have any recommendations for how to do this pattern?
