Does forwarding a JWT from a React SPA to a C# .NET app make sense?
I understand Better Auth is for TS codebases and it looks great. I want to keep my user management in my db 🙂
I know nothing about C# .Net but I've been asked to build with 3 specific goals...
1) create a React SPA which handles the UI for users, profiles, payment, chat, etc
2) create a backend server ( Express ) to handle business logic, data, access, long running jobs, queues, multiple services ( Stripe, Algolia, etc ), etc ( not in a fullstack framework like NEXT )
3) integrate with an existing C# .NET app that will be hosted on a subdomain ( like app.mainsite.com ) which the React SPA will need to either embed with an iframe ( CORS permissions aside ) or redirect to using the same logged in credentials via a token or maybe SSO ( which I've never done ).
...I will not be writing any of the C# .NET app code. I just need to know if forwarding a JWT to it might work? Since it will need to go through the Express backend to access resources, can it just forward on the JWT the same way the React SPA would? I am assuming the team responsible can find a way to securely hang onto the token and dispose of it after a session.
Is there a better ( auth ) way or a best practice for this kind of thing ?
Is this more of an SSO thing or am I thinking about this wrong ?
Is Better Auth the right choice for this ?
Any help from someone with more experience is much appreciated.
2 Replies
You can probably make everything work using the JWT plugin, and just have the Better Auth server on your Express server.
Thanks @Ping Do you mean a FE plugin to manage the persistence / header for the JWT ?
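
An added example, not part of the original thread and not Better Auth's own code: the checks an Express API would apply to a bearer JWT, whether the SPA or the .NET app forwarded it. The issuer and audience URLs, the helper names and the Ed25519 (EdDSA) key are assumptions made for illustration; a real verifier would load the issuer's public key rather than generate one.

```javascript
const crypto = require('node:crypto');

// Constructed values for illustration; not taken from the thread.
const ISSUER = 'https://auth.mainsite.example';
const API_AUD = 'https://api.mainsite.example';
// Stand-in signing key. A real verifier loads the issuer's public key (e.g. from its JWKS).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const b64u = (s) => Buffer.from(s).toString('base64url');

// Hypothetical helper that mints a test token the way an auth server would.
function signJwt(claims, key = privateKey, header = { alg: 'EdDSA', typ: 'JWT' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign(null, Buffer.from(input), key).toString('base64url')}`;
}

// Hypothetical verifier: the same checks apply to every caller that presents the token.
function verifyJwt(token, { key, issuer, audience, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm server-side; the token header must not choose it (rejects alg=none).
  if (header?.alg !== 'EdDSA') return { ok: false, reason: 'bad alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify(null, signed, key, Buffer.from(parts[2], 'base64url'))) {
    return { ok: false, reason: 'bad signature' };
  }
  if (claims?.iss !== issuer) return { ok: false, reason: 'bad issuer' };
  // aud may be a string or an array; the API must find its own identifier in it.
  if (![].concat(claims.aud ?? []).includes(audience)) return { ok: false, reason: 'bad audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

const demo = signJwt({ iss: ISSUER, aud: API_AUD, sub: 'user-1', exp: Math.floor(Date.now() / 1000) + 300 });
console.log(verifyJwt(demo, { key: publicKey, issuer: ISSUER, audience: API_AUD }));
```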