Workin on a JS back-end (NestJs), what is the best practice to combine API key auth for external server calls and JWT auth for internal server calls.
For example, using API Key force server to open CORS to every one which I don't want for my main server.
What is the best architectural pattern to mix these use cases ?
- 1 server for JWT (app - server) + 1 server for API Key (external site - server)
- 1 server for the two (open CORS + create 1 route for each auth strategy)
- other ?
Aucun commentaire:
Enregistrer un commentaire