As of now we use sessions (stored in Postgres) in the auth server and then continuously fetch a JWT from the auth server to authenticate against the other servers.
What we want: Simpler auth flow.
Perhaps the following: sessions with "cookiestore", i.e. encrypted session data stored in a cookie. Then the other servers should be able to just decrypt using a shared key for authentication. Similar/same as JWT, but stored in a cookie instead of in browser JS memory.
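An added sketch of the cookie-store flow proposed above (not code from this project): the auth server seals the session with AES-GCM under the shared key, and any other server opens and validates it locally. The `Session` fields, the function names and the all-zero demo key are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

type Session struct { // hypothetical payload; field names are assumptions
	UserID  string `json:"uid"`
	Expires int64  `json:"exp"` // Unix seconds, enforced by every server
}

func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key shared by all servers; 32 bytes = AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func Seal(a cipher.AEAD, s Session) string { // runs on the auth server
	plain, _ := json.Marshal(s) // cannot fail for this struct
	nonce := make([]byte, a.NonceSize()) // fresh per cookie, prepended to the output
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // never seal with a predictable nonce
	}
	return base64.RawURLEncoding.EncodeToString(a.Seal(nonce, nonce, plain, nil))
}

func Open(a cipher.AEAD, cookie string, now time.Time) (s Session, err error) {
	raw, err := base64.RawURLEncoding.DecodeString(cookie) // runs on any other server
	if err != nil || len(raw) < a.NonceSize() {
		return s, fmt.Errorf("malformed cookie")
	}
	plain, err := a.Open(nil, raw[:a.NonceSize()], raw[a.NonceSize():], nil)
	if err != nil || json.Unmarshal(plain, &s) != nil || now.Unix() >= s.Expires {
		return Session{}, fmt.Errorf("cookie rejected: tampered, wrong key, or expired")
	}
	return s, nil
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	fmt.Println(Open(a, Seal(a, Session{"u1", time.Now().Unix() + 3600}), time.Now()))
}
```

Because nothing is stored server-side, a sealed cookie stays valid until `Expires`; keep lifetimes short, and note that rotating the shared key invalidates every outstanding cookie at once.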