Authentication without access to DB
I have an architecture of a website, controller API (Better Auth server), and a bunch of daemons. Each daemon will receive requests from the website containing the user's Better Auth credentials. What's the best way to verify these?
3 Replies
How long do the tokens in cookies last for?
I want to be able to cache them for at least a minute to improve the latency
cc @Samu, anything I missed?
These daemons will run on other people's servers so they cannot have access to the database, Better Auth secret, etc.
Seems like everything is here, we use a unique key for every daemon also
Hmm, so we may need to just create another route with extra authentication. Let's see what people say
Okay so I'm thinking the best way to go about this is a one-time token
that way the server that receives the token cannot use the token over and over to basically steal the user's account
and I just use that token with my own TTL