Syntaxis
Explore posts from servers
Better Auth
•Created by Syntaxis on 3/15/2025 in #help
Any way to use split Access Tokens and Refresh Tokens
Hey, so I just started using Better-Auth, coming from my own Auth System. I'm trying to use short-lived access tokens with refresh tokens, but I'm not seeing anything about how to do this in Better-Auth. All I'm seeing is the Bearer plugin, which seems to be the closest, but it seems to combine the access and refresh token into 1 token essentially.
I'd like to be able to use the Bearer plugin with an access token that stores the current user's state (email, username, login options, etc.) that expires after, say, an hour. At the same time as generating the access token, I would generate another token that only stores the user id and expires after 14-30 days; this token is also passed to the client but, unlike the access token, is stored in the session. The access token is used in the authorization header for authentication, but the refresh token is used to get a new token pair by calling the token endpoint (for me, I did /auth/refresh in my system).
Any ideas? My thinking was to just make my own plugin, but I just wanted to ensure there wasn't something I was missing before doing that. Thanks!
5 replies
Cloudflare Developers
•Created by Syntaxis on 2/5/2025 in #workers-help
Best way to handle external API rate limits globally
Hey, I want to access an external API through my Workers and it has a rate limit of 4 reqs a second. Previously I used bottleneck and that worked great for me, but that doesn't work in serverless environments and I'd prefer not to use Redis. Is there a Cloudflare option that helps manage this rate limit globally? Not just by region? I was looking at Durable Objects but just wanted to know if there was another way I was missing, like maybe a nice package similar to bottleneck. Thanks!
2 replies