I am going to create a website that uses a headless cms for easy entering and admin of data, Strapi is the preferred choice. For authentication and authorization I am thinking to use a separate backend so that the frontend will communicate solely with my backend that in turns get data from the cms.
Is this unnecessarily complicated? Bad practice?
User <--> Frontend <--> Backend <--> Headless cms <--> Admin UI
Opinion questions aren't really welcome on stack overflow.
And there is nothing can be answered without knowing why exactly (auth type, providers, strapi can't handle) would you need extra backend layer since strapi already provides user-permissons plugin, used for auth... And there is already stuff like providers for auth...
In any case, the problem here is not is it good? or is it bad? to add a backend layer, but real problem is maintain the code base after you add it...
Personally i doubt you have case that you need extra layer, and even more i doubt that you can't extend strapi that way to add what's you missing...
