I wanted to send the user_id to my backend, and believe the most secure way to do this is via the JWT token that is deserialised to retrieve the ‘sub’ field.
The documentation isn't clear enough for my uneducated self unfortunately.
Detailed requirements:
From my NextJS web app users can upload videos, and params, which are sent to my backend (fastapi endpoint to send data to sql/blob storage)
My endpoint uploads videos to a storage account, and I want to use the user_id to map and determine where it is stored.
For this reason, I wanted to basically say, pass the jwt token in the header of the response.
I assume you are using nextjs-auth0? If so, you probably want to take a look at the following example which outlines how to access an external API from an API route:
I thought that when a user logs in, it created some special token that contains user_id, and other information.
I wanted to send that encoded information (believed to be JWT token) from client side to server side, to help keep the user_id more ‘secure’, especially as it is used to identify users and their content in blob storage.
I don’t think this example you are showing here would let me send the JWT in my post request from server to client?
That’s exactly correct: when a user logs in there is typically an ID and access token returned. The ID token is designed to be used client-side whereas the access token is meant to be passed to an external API/service which validates it.
The access token you send to your API will have a sub claim that is equivalent to the user_id of the user granted the token.
I am a bit confused whether you are asking about sending the token from the client (nextjs) to the server or the opposite. The code I shared previously adds the jwt as an authorization header in the request to an external API. It’s a bit different than how a typical SPA SDK works in that the API route in your nextjs app serves as a proxy between the frontend and your external API. For more details on this I recommend checking out this Github issue.
Have you had a chance to take a look at our React and/or Next.js quickstarts and subsequent sample applications (React, Next.js)? Both outline how to get an access token for a user. It might be helpful to check those out for comparison purposes.
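The reply above says the access token is what the external API validates and that its sub claim is the user_id. The following is an added example of the receiving side, written for this thread and not taken from Auth0's SDKs or the nextjs-auth0 sample it references. It is in Python because the asker's backend is FastAPI, but it uses only the standard library so it runs offline: the token is signed with HS256 and a constructed shared secret purely for the demo, whereas Auth0 API access tokens are RS256 and must be verified against the tenant's JWKS (use a maintained JWT library for that in production; a JWT access token is only issued when your API's audience is requested at login). ISSUER, AUDIENCE, DEMO_SECRET and every function name here are assumptions. The checks run in the order a practitioner should insist on: pin the algorithm, verify the signature, then check iss, aud and exp, and only then trust sub. The last function shows one way to turn sub (which contains the identity provider and a `|`) into a storage prefix that is safe as a path and does not leak the provider.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values for this offline demo (assumptions); in production these
# come from your Auth0 tenant (https://<tenant>.auth0.com/) and your API identifier.
ISSUER = "https://example-tenant.auth0.com/"
AUDIENCE = "https://video-api.example.com"
DEMO_SECRET = b"constructed-demo-secret-not-for-production"


class TokenError(Exception):
    """Raised for any reason the token must be rejected (maps to HTTP 401)."""


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def mint_demo_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Stand-in for the access token Auth0 would mint; HS256 so the demo runs offline."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(signature)}"


def bearer_token(authorization_header: Optional[str]) -> str:
    """Extract the raw token from 'Authorization: Bearer <token>' as sent by the Next.js API route."""
    if not authorization_header:
        raise TokenError("missing Authorization header")
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise TokenError("Authorization header is not a Bearer token")
    return token.strip()


def verify_access_token(token: str, secret: bytes = DEMO_SECRET, now: Optional[float] = None) -> dict:
    """Verify signature, issuer, audience and expiry, then return the claims.

    The algorithm is pinned rather than read from the untrusted header, and the
    signature is checked before any claim is trusted.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64 and bad JSON
        raise TokenError("undecodable header or signature")
    if header.get("alg") != "HS256":  # refuses alg=none and key-confusion tricks
        raise TokenError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("token was not issued for this API")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise TokenError("token expired or has no exp")
    if not claims.get("sub"):
        raise TokenError("no sub claim")
    return claims


def blob_prefix_for(sub: str) -> str:
    """Map the sub claim to a storage prefix.

    sub looks like 'auth0|5f1c...' or 'google-oauth2|1089...': the '|' and the
    provider name make it a poor path component and leak the identity provider,
    so the prefix is a hash of sub. The mapping stays deterministic per user.
    """
    return "users/" + hashlib.sha256(sub.encode("utf-8")).hexdigest()[:32] + "/"


def upload_prefix_from_request(authorization_header: Optional[str], now: Optional[float] = None) -> str:
    """What the upload endpoint does per request: header -> token -> verified claims -> prefix."""
    claims = verify_access_token(bearer_token(authorization_header), now=now)
    return blob_prefix_for(claims["sub"])


def is_rejected(authorization_header: Optional[str], now: Optional[float] = None) -> bool:
    """True if the request would get a 401; used to exercise the failure paths."""
    try:
        upload_prefix_from_request(authorization_header, now=now)
        return False
    except TokenError:
        return True
```

In a FastAPI route this is the body of a dependency that reads `request.headers.get("authorization")` and converts TokenError into an HTTP 401; the returned prefix is then used as the blob path for that user's videos, so a client can never pick another user's folder by editing a request parameter.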