NextAuth - should I use JWTs or DB sessions (adapter)
I've watched the video where Theo rants about NextAuth, sessions etc. However my question is still which option should I use and why (between DB session and JWTs)?
For example, I understand that the adapter is useful when you need to keep track of all the sessions, refresh tokens, invalidate sessions etc. and that JWT have their drawbacks, like you can't unset them once they are defined.
However, in my case I don't really use those features (refresh tokens) at all because all I need from Auth is confirmation to let them login, after that I don't need any provider services because of which I would need to refresh. That's why I also don't need all the other information I get from the providers and It also makes managing the db simpler, because of some of my use cases.
So finally my question... Do DB session have any advantages that I didn't mention, because of which I should always use the t3 template for it or are JWTs also acceptable? And should I store all the information I get from the provider even if I don't use it?
7 Replies
Unknown User•3y ago
Message Not Public
Sign In & Join Server To View
I read this last night which had be mildly freaked out/ questioning using JWTs in the future: https://redis.com/blog/json-web-tokens-jwt-are-dangerous-for-user-sessions/
curious to know people's reactions
Redis
JSON Web Tokens (JWT) are Dangerous for User Sessions—Here’s a Solu...
Learn why JSON Web Token (JWT), although popular, is dangerous and also view a proposed battle-tested solution.
Unknown User•3y ago
Message Not Public
Sign In & Join Server To View
you might be interested in this then: https://github.com/nextauthjs/next-auth/pull/5240
GitHub
feat:
next-auth/expo
by intagaming · Pull Request #5240 · nextaut...☕️ Reasoning
I attempted to create the next-auth/expo module that supports using NextAuth in Expo, with an external Next.js server acting as the NextAuth Authorization Server.
The hope is that deve...
Unknown User•3y ago
Message Not Public
Sign In & Join Server To View
No worries 😄
I believe it was this one https://www.youtube.com/watch?v=h6wBYWWdyYQ&t=974s
Theo - ping․gg
YouTube
Authentication: It’s Easier Than You Think
I get a LOT of questions about auth so I figured it was time for a video! We talk all about authentication and authorization. Watch rants like this live on https://twitch.tv/theo
LIVE EVERY WEDNESDAY AT ROUGHLY 1PM PT
Twitch: https://twitch.tv/theo
Twitter: https://twitter.com/t3dotgg
Instagram: https://instagram.com/fakiebigfoot
Everywhere els...