However I still have some questions on how to go about this. Currently my FE is making a request to my backend directly, to which I would now like to add auth. From my reading of the above comment and linked documentation, my thought process for how it has to work is the following.
Instead of making the call directly to the backend, I now make the call to the endpoint for a new Netlify Function I define. I pass in the JWT via the header so that it’s automatically authed for me and the user information attached to the context variable.
I now bundle this data with the rest of the query I want to send to my backend using fetch. However, I want to sign the outgoing data so that my backend knows it is coming from Netlify. Therefore what I actually do is I fetch a “local” endpoint, but define a redirect with the signing value filled and pointed toward my backend(?). My lambda function then waits for the result and simply passes it back to the FE to use as it was using it before.
Hi @sparty, you have a few options, one of them is to use signed proxy redirects, you can read about this at Introducing Structured Redirects and Headers . And you proxy the api call to your backend and you send the request through that proxy and we’ll sign it with a JWT that you can now authenticate since you’ll have the signing secret. Another option is to use a library to generate a JWT in your function that you send to your backend and authenticate there. Either way will be fine.
I definitely want to do the signed redirect for my setup. My question is really about what you talk about here: "And you proxy the api call to your backend and you send the request through that proxy and we’ll sign it with a JWT that you can now authenticate since you’ll have the signing secret. "
I get what you’re saying, but I’m just trying to figure out how to actually implement it. Where does the Netlify Function and redirect come in, respectively?
Currently:
Front end --query--> Back end
What I think you’re saying:
Front end --query--> Netlify Function --> Redirect with secret signing --> Back end
Or is it:
Front end --query--> Redirect with secret signing --> Netlify Function --> Back end
@futuregerald definitely! That would help a ton for developers like me who understand these concepts in general but are still getting used to actually implementing them in the Netlify platform itself, which is overall very easy to use but has its quirks. The redirecting in particular could use some nice examples paired with Functions for a common use case like this.
Hey @futuregerald, this solution is not working for me. From client:
query calls Netlify function
Netlify function redirects to backend api
Netlify shows that the proxy is successfully created, and I get results, but the api request (via proxy) is not being signed.
My netlify.toml file includes `signed = "API_KEY"`
Just to make sure you’re doing something we intend to work:
1. How does your function "redirect" to the backend API, exactly? Does it send an HTTP 301 to a different path on your Netlify site?
2. Is the path that the visitor (or the function, if it calls /someotherpath directly) loads the one you have the "signed" configuration on?
3. Your backend looks for the signature (please tell us how it is looking) and doesn't find it?
If those aren’t true, please explain in more detail how you are configured.
If those are true, please let me know what site are you working with, so I can examine your redirects settings to make sure we parsed and deployed
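The staff questions above hinge on one point: the request only gets signed if it is made to the path that carries the `signed` rule, not to the backend URL directly. The following is an added example, not code from this thread or from Netlify, of a Netlify Function that forwards the browser's query through the site's own proxied path so the backend receives the signed request. It assumes a redirect rule on `/api/*` with `signed = "API_SIGNATURE_TOKEN"`, that `process.env.URL` holds the site's primary URL inside a function, that the Identity user is available on `context.clientContext.user`, and a hypothetical backend route `/api/query`; the fetch implementation and site URL are injectable so the routing can be checked offline.

```javascript
// Added example (not from the thread or from Netlify): a Netlify Function that
// forwards a query THROUGH the site's signed redirect path rather than calling
// the backend host directly. Assumed netlify.toml on the same site:
//
//   [[redirects]]
//     from = "/api/*"
//     to = "https://backend.example.com/:splat"   # hypothetical backend host
//     status = 200
//     signed = "API_SIGNATURE_TOKEN"
//
// Assumptions: process.env.URL is the site's primary URL inside a function,
// and the Identity user (from the browser's JWT) is on context.clientContext.user.

// Build the outgoing request. Pure, so it can be tested without network access.
function buildProxyRequest(event, context, siteUrl) {
  const user = context && context.clientContext && context.clientContext.user;
  if (!user) {
    return { error: { statusCode: 401, body: "Unauthorized" } };
  }
  if (!siteUrl) {
    return { error: { statusCode: 500, body: "Site URL not configured" } };
  }
  let query;
  try {
    query = JSON.parse(event.body || "{}");
  } catch {
    return { error: { statusCode: 400, body: "Invalid JSON body" } };
  }
  // Forward only the identity claims the backend needs, never the browser's
  // Identity JWT itself (assumption about what the backend expects).
  const payload = { query, user: { sub: user.sub, email: user.email } };
  return {
    // Calling our own site's /api/* path is what makes the proxy attach X-Nf-Sign.
    url: `${siteUrl}/api/query`,
    init: {
      method: "POST",
      headers: { "content-type": "application/json" },
      body: JSON.stringify(payload),
    },
  };
}

// Netlify Function handler. `deps` exists only so tests can inject fetch/siteUrl.
async function handler(event, context, deps = {}) {
  const fetchImpl = deps.fetch || globalThis.fetch;
  const siteUrl = deps.siteUrl || process.env.URL;
  const built = buildProxyRequest(event, context, siteUrl);
  if (built.error) return built.error;
  const res = await fetchImpl(built.url, built.init);
  const body = await res.text();
  return {
    statusCode: res.status,
    headers: { "content-type": res.headers.get("content-type") || "application/json" },
    body,
  };
}

if (typeof module !== "undefined") {
  module.exports = { handler, buildProxyRequest };
}
```

If the function instead returned a 301 to the backend, the browser would follow it and reach the backend without ever passing through Netlify's proxy, which matches the symptom reported earlier in the thread (results come back, but the request is not signed).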