-
I'm trying to follow some sort of security "consensus" of not manually setting authentication stuff in the client using javascript, like storing a token from the api response into localStorage and then during a page reload to get and set it in the state of your app. In a REST context, I'm envisioning a |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
Check the websockets example if you want to see an example with cookie based auth, the cookie can then be picked up in Cookies are the only way if you want server-side rendering. If you're making an SPA or a RN-app you can use auth headers which can be picked up from local storage or whatever. |
Beta Was this translation helpful? Give feedback.
Check the websockets example if you want to see an example with cookie based auth, the cookie can then be picked up in
createContext
on the server and resolved to a user that is passed through to each resolver.Cookies are the only way if you want server-side rendering.
If you're making an SPA or a RN-app you can use auth headers which can be picked up from local storage or whatever.