I have an SSR React app that uses Apollo. My app server lives under one domain using Express, while the GraphQL server is under another domain. I'm having issues trying to understand how the authentication should work.
Currently on my app server I create a cookie session via Firebase's documentation. All is fine with that, but I have a couple of questions.
- I'm currently using Firebase's Admin SDK to authenticate the request both on the app server and the GraphQL server. I'm doing this because the initial SSR page gets rendered on the server, while all subsequent requests go directly to the GraphQL server. The redundancy of the authentication doesn't seem to be the right way to do this. Can someone verify?
- If this isn't the right way to do things, should I set up a simple proxy for all GraphQL requests from my. Essentially making all GraphQL requests go from the client to my app server, which then goes to the GraphQL server under the hood?
- Any other recommendations on how to properly set this up? I'm at a complete loss here.