How can useUser() in the Auth0 nextjs-auth0 library look up a user without reading cookies?

Question

Auth0's useUser() attempts to fetch a logged-in user from /api/auth/me, which calls handleAuth(), which initiates Auth0 (creates sessionCache instance, etc.) and calls profileHandler(req, res).

In the profileHandler, we see a call to sessionCache.isAuthenticated(req, res), which in turn checks the sessionCache instance for a previous session entry (key: req object, value: Encrypted object containing user info, access_token, id_token, etc.).

Since each API call, i.e. each call of handleAuth(), whether from /api/auth/me, /api/auth/login, or otherwise, is a separate serverless function call, will profileHandler (/api/auth/me) really ever find an entry in the sessionCache?

I know we add an entry there at login (in callbackHandler), but I do not understand how that cache value persists between two separate Serverless Function calls.

nextjs-auth0 states in the docs:

> By default, the session is stateless and stored in an encrypted
> cookie. But if you want a stateful session you can provide a store
> with get, set and destroy methods to store the session on the
> server.

So, we know it is stateless.

Answer 1

Score: 2

> I do not understand how that cache value persists between two separate Serverless Function calls.

The session is stored in a cookie and every separate Serverless Function call reads that cookie and populates the sessionCache (which stores the session in a WeakMap per request). The sessionCache is just there to make sure you can access the session multiple times during the lifecycle of a single request without having to read/decrypt the cookie every time.
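
The per-request cache described in this answer, as an added example that is not part of the original answer and is not nextjs-auth0's own code: each simulated serverless invocation builds a fresh WeakMap-backed cache, and the only state that survives between invocations is the encrypted cookie. The `seal`/`unseal` helpers (AES-256-GCM via Node's `crypto`) are a stand-in for the library's cookie encryption, and the secret, cookie name and user id are constructed.

```javascript
// Added sketch, NOT nextjs-auth0 source. seal/unseal stand in for the library's
// encrypted-cookie format; the secret, cookie name and user id are constructed.
const crypto = require('crypto');

const KEY = crypto.createHash('sha256').update('constructed-demo-secret').digest();
let decryptCount = 0; // instrumentation: how often a cookie is actually decrypted

function seal(session) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(session), 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64url');
}

function unseal(cookie) {
  decryptCount += 1;
  const raw = Buffer.from(cookie, 'base64url');
  const d = crypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]); // throws if tampered
  return JSON.parse(pt.toString('utf8'));
}

// A fresh cache per invocation models a separate serverless call: no shared memory.
function newSessionCache() {
  const perRequest = new WeakMap(); // key: req object, value: decrypted session or null
  return {
    get(req) {
      if (!perRequest.has(req)) {
        let session = null;
        try {
          if (req.cookies.appSession) session = unseal(req.cookies.appSession);
        } catch { session = null; } // forged or corrupted cookie: treat as logged out
        perRequest.set(req, session);
      }
      return perRequest.get(req);
    },
    isAuthenticated(req) { return Boolean(this.get(req)?.user); },
  };
}

// "Callback" invocation: the session leaves the server only as a cookie value.
const cookie = seal({ user: { sub: 'auth0|constructed-user' } });
// Later "/api/auth/me" invocation: new cache, new req object, same cookie sent back.
const meReq = { cookies: { appSession: cookie } };
const meCache = newSessionCache();
console.log(meCache.isAuthenticated(meReq), meCache.get(meReq).user.sub, decryptCount);
```

Because the session is rebuilt from the cookie on every invocation, the integrity check in `unseal` is what stands between a client-edited cookie and an authenticated session.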

  • Posted by huangapple on March 23, 2023, 11:05:27
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75818939.html