I’m migrating an existing React app that uses auth0 react SDK to NextJs.
In the original app, the frontend makes a direct api call to the backend by passing access token in the authorization header that it obtained from the react auth0 sdk (using getTokenSilently api)
I came across this article, which seems to imply that with NextJS SDK calling external api would require proxying the api call through nextjs’s API route. That is [frontend] → nextjs api route → actual backend api gateway. This is because the frontend no longer has access to the access_token, so the request is sent to the nextjs’s api route. Where it uses the session to look up the access token and then make another api call to the api gateway by passing the access token.
Is my understanding correct?
I’m concerned with this extra hop introduced by the proxy (latency/performance rason) but I also feel like I would need to write nextjs’s api route corresponding to every single route on the backend that is authenticated (I have about 70-80 apis endpoints).