How secure are Memberstack tokens for backend verification in Next.js applications?

Post author
Oneness edu

Hello,

We have a website that is built using Webflow and users can become members by purchasing memberships. We are now building a web application for those members using Next.js. I noticed that when a member logs in, they are provided a token, and that Memberstack provides the functionality to verify that token. 

My question is, is this token enough to use to verify the user on the backend before fetching their other data we have stored in the database? I see it is stored in a non-http-only cookie. Is this more of a session token? Should we implement a separate JWT access token?

Thank you, any help is appreciated.

Comments

4 comments

  • Comment author
    Josh Lopez

    Hey Oneness edu

    Here is the doc on JWT tokens using our Admin Package. That should get you on the right track!

    1
  • Comment author
    Oneness edu

    Hi Josh Lopez

    Thank you for the reply! I see that you provide a package to verify the members' token. I just want to confirm, is this token provided to the user OK to use as an access token to serve the user on our backend?

    I had originally thought that it was okay to use as an access token, then realized it was a session token (this might be where I am misunderstanding the token), and set up my own JWT access token and verification.

    0
  • Comment author
    Tyler Bell

    Hi there,

    I just want to confirm, is this token provided to the user OK to use as an access token to serve the user on our backend?

    Yes! Totally fine as long as you are verifying its signature with our available methods.

    1
  • Comment author
    Oneness edu

    Great, thanks for the quick responses guys :)

    0
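
As an added example (not Memberstack's code and not written by anyone in this thread), the sketch below shows what signature verification buys a Node.js backend when the token sits in a cookie the browser can read and edit. It assumes an RS256-signed JWT with `id` and `exp` claims; the key pair, claim names and helper names are constructed for the demo, and a real backend would call the provider's own verification method rather than this hand-rolled check.

```javascript
// Added example: the key pair, claims and tokens below are constructed for the demo.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Demo-only issuer standing in for the service that signs member tokens.
function signToken(claims, privateKey) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64url(sig)}`;
}

// Backend check: returns claims only if algorithm, signature and expiry all pass.
function verifyToken(token, publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    throw new Error('malformed token');
  }
  // Pin the algorithm on the server; never let the token header choose it.
  if (header?.alg !== 'RS256') throw new Error('unexpected alg');
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`),
    publicKey, Buffer.from(sig, 'base64url'));
  if (!valid) throw new Error('bad signature');
  if (typeof claims?.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const now = Math.floor(Date.now() / 1000);
const good = signToken({ id: 'mem_demo_1', exp: now + 300 }, privateKey);
const [goodHead, , goodSig] = good.split('.');
// Cookie edited on the client: different member id, original signature reused.
const edited = `${goodHead}.${b64url(JSON.stringify({ id: 'mem_demo_2', exp: now + 300 }))}.${goodSig}`;
const stale = signToken({ id: 'mem_demo_1', exp: now - 1 }, privateKey);

// Member id on success, rejection reason otherwise.
function outcome(token) {
  try { return verifyToken(token, publicKey, now).id; } catch (e) { return e.message; }
}

console.log(outcome(good), '|', outcome(edited), '|', outcome(stale));
```

Only the member id returned after a successful check should be used as the key for database lookups; an id decoded from the cookie without verification is client-controlled input.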
