important

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

Not support OAuth w/ header-based auth initially

Status

This is just a proposal so far, it hasn't been accepted and needs further discussion.

Status: proposed
Deciders: rishabhpoddar, porcellus
Proposed by: porcellus
Created: 2023-05-11

Context and Problem Statement

Header-based auth requires a separate implementation using frontend redirection.

Considered Options

  • Always use frontend redirection
  • Add support for header-based auth using FE redirection
  • Not support OAuth w/ header-based auth initially

Decision Outcome

Chosen option: Not support OAuth w/ header-based auth initially

  • Faster first version
  • We can easily add this later
  • We are OK with not supporting header-based auth (at least initially) since we think that it'll be a very rare use case

Pros and Cons of the Options

Always use frontend redirection

  • Same implementation for cookie-based and header-based auth
  • Goes somewhat against the recommendations (some security concerns)
  • Very slow - even if the session exists and no auth is required, the full React app would have to load before we can do anything

Add support for header-based auth using FE redirection

  • Supports all use cases
  • Faster if using cookie-based auth (which is the default/common auth mode)
  • More implementation time

Not support OAuth w/ header-based auth initially

  • We can get the first version supporting OAuth2 out faster
  • We can easily add support later
  • Limits some use cases