Create a way to manually validate a Session token
sashalikesplanes opened this issue · comments
I've stumbled upon a use case where I had to pass a JWT token created by Session
through a query parameter.
I do not see any way to manually verify if a token was created by Session
.
I propose to adjust the useSession
by changing the signature to useSession(token?: string)
, but I am not sure how that would interact with Context.memo
Alternatively Session.validate(token: string)
can be added which will use the same internals as useSession
to validate the token with an identical return type.
Having read through the code in session.ts
I believe I could implement such a feature.
Are you open to merging such a PR? Which approach suits your style better?
Is this for the current Auth construct or future-auth?
@sashalikesplanes The future-auth construct provides a method called Session.verify
which does what you are describing.
Though I agree this functionality would be nice to have in the base auth and could probably be pulled out into a common piece of code called in both places, just as it is done in future-auth.
@jayair Is there a plan to make future-auth the primary auth or is that not part of the roadmap anymore due to the release of SST Ion?
It'll go to Ion first for sure.