Authentication using API key #1019

muhammadnasr · 2024-07-31T18:23:51Z

I like the various way to authenticate with supertokens.
I just want a way to authenticate with API keys or do you have something available?

rishabhpoddar · 2024-08-01T05:33:29Z

We have https://supertokens.com/docs/microservice_auth/introduction at the moment, and are currently working on oauth2 client credentials flow as well.

muhammadnasr · 2024-08-01T14:43:44Z

Thanks for the prompt reply. I have looked into microservice auth and I thought of using jwt instead of API key but my only problem is that it would be too long for users to copy and so. Any ideas for that?

…

On Thu, Aug 1, 2024 at 8:33 AM Rishabh Poddar ***@***.***> wrote: We have https://supertokens.com/docs/microservice_auth/introduction at the moment, and are currently working on oauth2 client credentials flow as well. — Reply to this email directly, view it on GitHub <#1019 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABIMCBT3WGUQKJ3VGD7SILZPHCD5AVCNFSM6AAAAABLZAO6TOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENRSGA3TKNRRG4> . You are receiving this because you authored the thread.Message ID: ***@***.***>

rishabhpoddar · 2024-08-01T15:58:38Z

Yeaa, well. Not much that can be done about that here other than using something else for API key. We plan on sticking with JWTs.

muhammadnasr · 2024-08-01T16:39:13Z

Totally understand. I am also thinking of using jwt as well but give the user a less verbose API key and keeping the mapping in the DB Then when the user authenticate with the API key, I fetch the jwt token then inject in the request header in my middleware What do you think of that? One last question, how can I revoke the 100 days jwt token?

…

On Thu, Aug 1, 2024 at 6:59 PM Rishabh Poddar ***@***.***> wrote: Yeaa, well. Not much that can be done about that here other than using something else for API key. We plan on sticking with JWTs. — Reply to this email directly, view it on GitHub <#1019 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABIMCBJQSOPNE5UCLD6JI3ZPJLMHAVCNFSM6AAAAABLZAO6TOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENRTGQYTSOBUGE> . You are receiving this because you authored the thread.Message ID: ***@***.***>

rishabhpoddar · 2024-08-01T16:52:45Z

Well, in that case you dont need a JWT cause you can just check the db against the less verbose string to get the user info.

muhammadnasr added the enhancement New feature or request label Jul 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Authentication using API key #1019

Authentication using API key #1019

muhammadnasr commented Jul 31, 2024

rishabhpoddar commented Aug 1, 2024

muhammadnasr commented Aug 1, 2024 via email

rishabhpoddar commented Aug 1, 2024

muhammadnasr commented Aug 1, 2024 via email

rishabhpoddar commented Aug 1, 2024

Authentication using API key #1019

Authentication using API key #1019

Comments

muhammadnasr commented Jul 31, 2024

rishabhpoddar commented Aug 1, 2024

muhammadnasr commented Aug 1, 2024 via email

rishabhpoddar commented Aug 1, 2024

muhammadnasr commented Aug 1, 2024 via email

rishabhpoddar commented Aug 1, 2024