King Louie
Better Auth
Created by King Louie on 3/16/2025 in #help
Conceptual questions on an auth setup with sveltekit and a separate api server
I think I understand now how I need to approach this, thanks very much! I will have to fiddle around a little bit and see if I get this to work 🙂
27 replies
yeah client sure, but auth.api.getSession is a backend function right?
In order to use the auth.api.getSession function I would need to install the server side better auth stuff into sveltekit, and the api function does a DB call. Since I planned on installing the better auth server stuff on my api server and keeping things separate, sveltekit should not be able to access the user db directly.
So for every SSR request to sveltekit, the sveltekit backend needs to call my api server to get the session, then if the session is valid, calls my api server with the same session and the api server checks the session again to return the protected api info?
for me it would be example.tld for sveltekit and api.example.tld for the api server with better auth server
Do I also need the JWT token stuff for my client side rendering after the initial Sveltekit SSR or can I use the default session cookie in this instance?
Hey @shubhattin thank you for your input on this! The repo you linked uses the sveltekit backend as an auth server, you linked this to illustrate the cross subdomain cookie sharing, right? With JWT Cookie you mean the jwt + bearer plugin from here https://www.better-auth.com/docs/plugins/jwt ?

If I get the flow right, it would work like this?
1. sveltekit FE uses better auth client login method to call my api server with betterauth and gets session cookie in response
2. sveltekit FE fetches /token on my api server to obtain jwt and save it to localstorage

Now when requesting a protected route on sveltekit I need to:
1. always pass the jwt token to sveltekit
2. check the token in the sveltekit BE against the /jwks endpoint of my api server
3. do stuff based on the token contents

Did I get this right?