At the moment I am using the custom-token / JWT implementation to log my users into Stitch. At the moment I authenticate with Stitch using the user's JWT both on the browser and on the server. Reusing the user's JWT in both locations has the benefit of ensuring a consistent security model in Stitch. A user should not be able to access a particular field based upon their level of access. I also utilize AWS Lambda and therefore it's possible I would make many calls to authenticate the user within Stitch. I'm concerned that will potentially cause issues on the Stitch side.
Will multiple calls to authenticate with the JWT using the CustomCredential auth cause problems on the Stitch side? Is there a better recommendation regarding my above approach?
Is it possible to harvest the user's access token and refresh token returned from the Stitch auth call and use those to authenticate going forward?
Any other recommendations? Thanks!