BritishYouthBandAssociation / OrgAdmin

Admin site for organisations

Authenticate with Payload #335

Closed rugulous closed 10 months ago

rugulous commented 10 months ago

We need some way to authenticate with payload whilst also remaining logged in for pages we haven't moved over yet

rugulous commented 10 months ago

There's a few options for how we can approach this:

  1. Login directly with payload: We'd need to get back some identifier to say e.g. this payload user maps to this local user, then we'd go and grab the local user and store them in session

  2. Payload authentication server-side: When we log in, our server sends a post request to the payload server containing their credentials and getting back an access token. This can be stored in session with the rest of the user details, then provided client-side where we need to make the requests

  3. Payload entirely server-side: Like 2, except we don't ever expose the payload token and use it to replace our DB calls

2/3 require a bit of extra handling on our side (e.g. password resets make it interesting), and all 3 require synchronizing between the two servers
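
Options 2 and 3 from the comment above, as an added example that is not part of the thread or the OrgAdmin code: the server exchanges the credentials for a token at Payload's REST login endpoint, keeps the token in the server-side session next to the local user, and hands the client only a token-free view. `PAYLOAD_URL`, the `users` collection slug, `findLocalUser` and the session shape are assumptions.

```javascript
// Added example: PAYLOAD_URL, the "users" collection slug, findLocalUser
// and the session shape are assumptions, not OrgAdmin code.
const PAYLOAD_URL = process.env.PAYLOAD_URL || 'http://localhost:3000';

// Exchange credentials for a Payload token on the server and keep the
// token in the server-side session alongside the local user.
async function loginViaPayload(session, email, password, deps) {
  const { fetchImpl = fetch, findLocalUser } = deps;
  const res = await fetchImpl(`${PAYLOAD_URL}/api/users/login`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ email, password }),
  });
  if (!res.ok) return false; // bad credentials or Payload unavailable

  const { token, exp, user } = await res.json();
  if (!token || !user) return false;

  // Map the Payload user onto the existing local user so pages that have
  // not moved over yet, and still read session.user, keep working.
  const localUser = await findLocalUser(user.email);
  if (!localUser) return false; // the two user stores are out of sync

  session.user = localUser;
  session.payload = { token, exp, userId: user.id };
  return true;
}

// Headers for server-to-server calls to Payload on the user's behalf.
function payloadAuthHeaders(session) {
  const p = session.payload;
  // exp is taken to be a Unix timestamp in seconds, as in Payload's login response.
  if (!p || p.exp * 1000 <= Date.now()) return null; // force a fresh login
  return { Authorization: `JWT ${p.token}` };
}

// What a template or JSON endpoint may see: never the Payload token.
function clientView(session) {
  if (!session.user) return null;
  const { id, email } = session.user;
  return { id, email, payloadLinked: Boolean(session.payload) };
}
```

For option 2 the token would additionally be passed to the page that needs it; for option 3 only `payloadAuthHeaders` is used and the token never leaves the server.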