How to settup auth with my backend?

Hello,

I did some searching on the forum and found this comment which was the most helpful: https://community.netlify.com/t/verify-user-in-node-js-backend/3916/3

However I still have some questions on how to go about this. Currently my FE is making a request to my backend directly, to which I would now like to add auth. From my reading of the above comment and linked documentation, my thought process for how it has to work is the following.

Instead of making the call directly to the backend, I now make the call to the endpoint for a new Netlify Function I define. I pass in the JWT via the header so that it’s automatically authed for me and the user information attached to the context variable.

I now bundle this data with the rest of the query I want to send to my backend using fetch. However, I want to sign the outgoing data so that my backend knows it is coming from Netlify. Therefore what I actually do is I fetch a “local” endpoint, but define a redirect with the signing value filled and pointed toward my backend(?). My lambda function then waits for the result and simply passes it back to the FE to use as it was using it before.

Does this make sense or am I overthinking this?

Hi @sparty, you have a few options, one of them is to use signed proxy redirects, you can read about this at https://www.netlify.com/blog/2017/10/17/introducing-structured-redirects-and-headers/#signed-proxy-redirects . And you proxy the api call to your backend and you send the request through that proxy and we’ll sign it with a JWT that you can now authenticate since you’ll have the signing secret. Another option is to use a library to generate a JWT in your function that you send to your backend and authenticate there. Either way will be fine.

Hey @futuregerald, thank you for the response!

I definitely want to do the signed redirect for my setup. My question is really about what you talk about here: "And you proxy the api call to your backend and you send the request through that proxy and we’ll sign it with a JWT that you can now authenticate since you’ll have the signing secret. "

I get what you’re saying, but I’m just trying to figure out how to actually implement it. Where does the Netlify Function and redirect come in, respectively?

Currently:

Front end —query—> Back end

What I think you’re saying:

Front end —query–> Netlify Function --> Redirect with secret signing --> Back end

Or is it:
Front end —query–> Redirect with secret signing --> Netlify Function --> Back end

Hi @sparty,

This the correct flow:

Front end —query–> Netlify Function --> Redirect with secret signing --> Back end

Let me know if you’re still having trouble. This makes me think we can use some examples of this setup!

@futuregerald definitely! That would help a ton for developers like me who understand these concepts in general but are still getting use to actually implementing them in the Netlify platform itself, which is overall very easy to sue but has its quirks. The redirecting in particular can use some nice examples paired with Functions for a common use case like this.

Thanks for your help!

Hey @sparty! totally hear where you are coming from. If we end up working on a specific example, we’ll update this thread here :smiley: