Is there a way to ‘manually’ check the validity of user’s id token when using 8base auth? In other words can 8base expose the Cognito instance it is using under the covers?
This is my use case: We have 8base auth set up and the user is logged in. The user makes an API call to an external system passing its auth token with the request. The external system wants to check that this token is valid before authorizing the request. Is this possible with 8base auth or is it necessary to use one’s own auth provider for such a case?
Hello!
There is no native feature or ready examples for that, as I remember.
The first thing that comes into my mind is to pass any calls to your external service through Custom Function which will be parse and validate tokens anyway you want.
Passing calls to the external service through custom function won’t help because the whole point is to be able to secure the external system. However, potentially we could pass the call to our external system to a custom function in 8base that performs authentication and return a success response before processing it any further in our external system. It means an extra request and response in the chain of calls; not sure if this would add any significant overhead or not.
Anyway thanks for the advice. We are just trying to weigh up the advantages and disadvantages of using 8base auth vs setting up our own Cognito, so this helps.
Hey Daniel! Highly suggest that you use Cognito as opposed to 8base Authentication for your project. 8base Authentication is really only intended to be a “quick and dirty” way of setting up authentication during development. However, it lacks the customizability that you’ll need for branded auth flows (e.g. password reset and verification emails) as well as accommodating edge-cases like yours.
We’ve roadmapped improvements for the future! However, for now, Cognito is awesome.
But anyway, yeah, that’s it.