NextJS and Clerk – Secure Authentication at the Edge
edge.clerk.app
Hey HN! This is an exciting launch for us - it's the first time we're really showing off our new stateless authentication mechanism.
The debate of stateless JWTs vs stateful auth is well-storied on HN, and we frequently checked this thread to make sure we were checking all the boxes: https://news.ycombinator.com/item?id=21783303
We think stateless JWTs are technically better (e.g. much faster with more-than-acceptable security for most use cases), but it's always been too big of a hassle to set up the short lifetime that's necessary for security.
So we endeavored to build a product around "stateless auth done right." We handle all the refresh mechanisms for you - it's completely abstracted away. If the 60 second lifetime is too long for you, we still provide an easy way to drop down to stateful auth against our API.
At present, this authentication mechanism is strictly bundled with our User Management product that includes sign-up and sign-in flows and a user profile page. One thing we're interested to learn: is there any demand for a standalone "session management" product where you bring your own user management solution?
Thanks!
<1 ms auth speed... I'll take that
It's really incredible. We've come to think of it as "pre-authentication" vs "just-in-time authentication."
The hard work of generating the JWT is done in the background, out of the critical path, so the request can just fly through verification.
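
The stateless check the thread describes, as an added example (not part of the thread and not Clerk's code): the request path verifies only a signature and a 60 second expiry. HS256, the `sid` claim, and the function names are assumptions; the thread does not state Clerk's algorithm or claims.

```javascript
// Added example, not Clerk's code. HS256 and the claim names are assumptions.
const { createHmac, timingSafeEqual } = require("node:crypto");

const LIFETIME_S = 60; // the 60 second lifetime mentioned in the post

const b64url = (v) => Buffer.from(v).toString("base64url");
const mac = (data, secret) => createHmac("sha256", secret).update(data).digest();

// Issuer side: runs in the background, outside the request's critical path.
function issueToken(sessionId, secret, nowS) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ sid: sessionId, iat: nowS, exp: nowS + LIFETIME_S }));
  const sig = mac(`${header}.${payload}`, secret).toString("base64url");
  return `${header}.${payload}.${sig}`;
}

// Request side: signature and expiry only, no database or network round trip.
function verifyToken(token, secret, nowS) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, sig] = parts;
  let alg, claims;
  try {
    alg = JSON.parse(Buffer.from(header, "base64url").toString()).alg;
    claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm; never let the token choose how it is verified.
  if (alg !== "HS256") return { ok: false, reason: "bad-alg" };
  const expected = mac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  if (typeof claims?.exp !== "number" || nowS >= claims.exp) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, sessionId: claims.sid };
}

// Constructed demo: accepted inside the window, rejected once it closes.
const demo = issueToken("sess_demo", "constructed-demo-secret", 1700000000);
console.log(verifyToken(demo, "constructed-demo-secret", 1700000059));
console.log(verifyToken(demo, "constructed-demo-secret", 1700000060));
```

Nothing in this check consults session state, so a session revoked on the server keeps verifying until `exp` passes; that window is what the short lifetime bounds.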