-
Notifications
You must be signed in to change notification settings - Fork 523
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication using API key #1019
Labels
enhancement
New feature or request
Comments
We have https://supertokens.com/docs/microservice_auth/introduction at the moment, and are currently working on oauth2 client credentials flow as well. |
Thanks for the prompt reply.
I have looked into microservice auth and I thought of using jwt instead of
API key but my only problem is that it would be too long for users to copy
and so.
Any ideas for that?
…On Thu, Aug 1, 2024 at 8:33 AM Rishabh Poddar ***@***.***> wrote:
We have https://supertokens.com/docs/microservice_auth/introduction at
the moment, and are currently working on oauth2 client credentials flow as
well.
—
Reply to this email directly, view it on GitHub
<#1019 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABIMCBT3WGUQKJ3VGD7SILZPHCD5AVCNFSM6AAAAABLZAO6TOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENRSGA3TKNRRG4>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Yeaa, well. Not much that can be done about that here other than using something else for API key. We plan on sticking with JWTs. |
Totally understand.
I am also thinking of using jwt as well but give the user a less verbose
API key and keeping the mapping in the DB
Then when the user authenticate with the API key, I fetch the jwt token
then inject in the request header in my middleware
What do you think of that?
One last question, how can I revoke the 100 days jwt token?
…On Thu, Aug 1, 2024 at 6:59 PM Rishabh Poddar ***@***.***> wrote:
Yeaa, well. Not much that can be done about that here other than using
something else for API key. We plan on sticking with JWTs.
—
Reply to this email directly, view it on GitHub
<#1019 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABIMCBJQSOPNE5UCLD6JI3ZPJLMHAVCNFSM6AAAAABLZAO6TOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENRTGQYTSOBUGE>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Well, in that case you dont need a JWT cause you can just check the db against the less verbose string to get the user info. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I like the various way to authenticate with supertokens.
I just want a way to authenticate with API keys or do you have something available?
The text was updated successfully, but these errors were encountered: