1 reply

How can I validate the cached session data jwt cookie in serverless environment.

🤔Question

I'm trying to use Cloudflare Snippets to protect preview branches using the session-data cookie (using

strategy: 'jwt'

strategy: 'jwt'

).

Snippets can't connect to a database, don't have a secure secret store, must maintain a very small bundle size, and must execute very quickly. The advantage is they run basically free, and act as middle-ware that modifies requests/responses of workers that don't have any knowlede of

better-auth

better-auth

.

My idea was to just check the

better-auth.session-data

better-auth.session-data

cookie, and validate it against the

jwks

jwks

endpoint provided by the

jwt

jwt

plugin. Unfortuneately, the

better-auth.session-data

better-auth.session-data

is signed differently than the token provided at the

/api/auth/token

/api/auth/token

endpoint, even when

cookieCache.strategy = 'jwt'

cookieCache.strategy = 'jwt'

. I don't understand the why of that decision (one of the benefits listed of the

jwt

jwt

strategy is "interop"), but I assume there are valid reasons.

Is there a way to modify the session-data cookie so that it's verifiable via the

jwks

jwks

endpoint? Alternatively, is there a way to just inject an additional custom cookie (i.e.

better-auth.jwt-token

better-auth.jwt-token

) that has the contents of

/api/auth/token

/api/auth/token

? I assume the latter option would mean a custom plugin that intercepts responses using the

onResponse

onResponse

hook, and just adds a

Set-Cookie

Set-Cookie

header, but I'm having trouble figuring out to call the jwt plugin

getToken

getToken

endpoint from the

onResponse

onResponse

handler. Any help would be appreciated.

Cloudflare Docs

Cloudflare Snippets

Cloudflare Snippets provide a powerful and flexible way to customize the behavior of your website or application using short pieces of JavaScript code. With Snippets, you can modify HTTP response headers, implement JWT validation, perform complex redirects, and much more.

How can I validate the cached session data jwt cookie in serverless environment.

🤔Question

I'm trying to use Cloudflare Snippets to protect preview branches using the session-data cookie (using

strategy: 'jwt'

strategy: 'jwt'

better-auth

better-auth

.

My idea was to just check the

better-auth.session-data

better-auth.session-data

cookie, and validate it against the

jwks

jwks

endpoint provided by the

jwt

jwt

plugin. Unfortuneately, the

better-auth.session-data

better-auth.session-data

is signed differently than the token provided at the

/api/auth/token

/api/auth/token

endpoint, even when

cookieCache.strategy = 'jwt'

cookieCache.strategy = 'jwt'

. I don't understand the why of that decision (one of the benefits listed of the

jwt

jwt

strategy is "interop"), but I assume there are valid reasons.

Is there a way to modify the session-data cookie so that it's verifiable via the

jwks

jwks

endpoint? Alternatively, is there a way to just inject an additional custom cookie (i.e.

better-auth.jwt-token

better-auth.jwt-token

) that has the contents of

/api/auth/token

/api/auth/token

? I assume the latter option would mean a custom plugin that intercepts responses using the

onResponse

onResponse

hook, and just adds a

Set-Cookie

Set-Cookie

header, but I'm having trouble figuring out to call the jwt plugin

getToken

getToken

endpoint from the

onResponse

onResponse

handler. Any help would be appreciated.

Cloudflare Docs

Cloudflare Snippets

How can I validate the cached session data jwt cookie in serverless environment.

How can I validate the cached session data jwt cookie in serverless environment.

Similar Threads

Similar Threads

Similar Threads