
Bridge Validation ​

Bridge Validation is the core mechanism that connects your Flowfull backend to Flowless (the authentication server on Pubflow).

What is Bridge Validation? ​

Think of it as a trust bridge between your custom backend and the authentication system. Instead of building authentication from scratch, you validate sessions through this bridge.

Why Use Bridge Validation? ​

Traditional approach:

  • ❌ Build user registration
  • ❌ Build login system
  • ❌ Build session management
  • ❌ Build password reset
  • ❌ Build email verification
  • ❌ Maintain security updates

Bridge Validation approach:

  • ✅ Use Flowless on Pubflow for all auth
  • ✅ Validate sessions via Bridge Validation
  • ✅ Focus on your business logic

How It Works ​

┌─────────────┐         ┌────────────────┐         ┌─────────────┐
│   Client    │────────▶│    Flowfull    │────────▶│  Flowless   │
│  (Frontend) │   1️⃣    │ (Your Backend) │   2️⃣    │  (Pubflow)  │
└─────────────┘         └────────────────┘         └─────────────┘
                                │  3️⃣
                                ▼
                         ┌─────────────┐
                         │    Cache    │
                         │ (LRU/Redis) │
                         └─────────────┘

Flow: ​

  1. Client sends request with X-Session-Id header
  2. Flowfull checks cache (LRU or Redis) for session
  3. If not cached, validates with Flowless API
  4. Caches result for future requests
  5. Returns user data to your route handler

Implementation ​

Node.js/TypeScript ​

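typescript
import { BridgeValidator } from './lib/bridge';

// The bridge secret is read from the environment, never hardcoded
const validator = new BridgeValidator({
  flowlessUrl: process.env.FLOWLESS_URL,
  bridgeSecret: process.env.BRIDGE_SECRET,
  validationMode: 'STANDARD'
});

// Validate session.
// sessionId comes from the X-Session-Id header; ipAddress, userAgent and
// deviceId are taken from the incoming request.
const session = await validator.validateSession(
  sessionId,
  ipAddress,
  userAgent,
  deviceId
);

// A falsy result means the session was not validated
if (session) {
  console.log('User:', session.user_id);
  console.log('Email:', session.email);
}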

Go ​

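go
package main

import (
    "fmt"
    "os"

    "github.com/pubflow/flowfull-go/bridge"
)

func main() {
    // The bridge secret is read from the environment, never hardcoded
    validator := bridge.NewValidator(bridge.Config{
        FlowlessURL:    os.Getenv("FLOWLESS_URL"),
        BridgeSecret:   os.Getenv("BRIDGE_SECRET"),
        ValidationMode: "STANDARD",
    })

    // Placeholders: in a real handler these come from the incoming request
    // (sessionID from the X-Session-Id header).
    var sessionID, ipAddress, userAgent, deviceID string

    session, err := validator.ValidateSession(
        sessionID,
        ipAddress,
        userAgent,
        deviceID,
    )

    // Treat any validation error as "not authenticated"
    if err != nil {
        fmt.Println("Session rejected:", err)
        return
    }
    fmt.Println("User:", session.UserID)
}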

Python ​

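python
import os

from flowfull import BridgeValidator

# The bridge secret is read from the environment, never hardcoded
validator = BridgeValidator(
    flowless_url=os.getenv("FLOWLESS_URL"),
    bridge_secret=os.getenv("BRIDGE_SECRET"),
    validation_mode="STANDARD"
)


async def authenticate(session_id, ip_address, user_agent, device_id):
    # session_id comes from the X-Session-Id header; the other values are
    # taken from the incoming request.
    session = await validator.validate_session(
        session_id=session_id,
        ip_address=ip_address,
        user_agent=user_agent,
        device_id=device_id
    )

    # A falsy result means the session was not validated
    if session:
        print(f"User: {session.user_id}")
    return session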

Configuration ​

Environment Variables ​

env
# Flowless Configuration
FLOWLESS_URL=https://your-instance.pubflow.com
BRIDGE_SECRET=your-bridge-secret-here

# Validation mode: DISABLED, STANDARD, ADVANCED or STRICT
VALIDATION_MODE=STANDARD

# Cache Configuration
CACHE_ENABLED=true
# Cache TTL in seconds (1 hour)
CACHE_TTL=3600

Validation Modes ​

  • DISABLED - No validation (development only)
  • STANDARD - IP address validation
  • ADVANCED - IP + User-Agent validation
  • STRICT - IP + User-Agent + Device ID validation

Learn more about Validation Modes →

Performance ​

Bridge Validation uses caching for optimal performance:

  • Cache Hit: 1-2ms response time
  • Cache Miss: 20-50ms (validates with Flowless)
  • Hit Rate: 95-99% in production

Cache Strategy ​

  1. Check LRU cache (in-memory, fastest)
  2. Check Redis cache (shared across instances)
  3. Validate with Flowless (source of truth)
  4. Update caches for future requests

Security ​

Bridge Validation includes multiple security layers:

  1. Secret Validation - Bridge secret must match
  2. Session Expiration - Expired sessions rejected
  3. IP Validation - IP address must match (STANDARD+)
  4. User-Agent Validation - Browser must match (ADVANCED+)
  5. Device ID Validation - Device must match (STRICT)
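The cache strategy and the validation layers above interact: a cached session must not outlive its own expiry, and the bound attributes still have to be compared on a cache hit. The sketch below is an added example, not Pubflow's code. It models only the in-memory LRU tier, `CachedBridge` and `validate_remote` are hypothetical names, and it assumes the Flowless response carries `expires_at` (epoch seconds) and the attributes the session is bound to.

```python
import time
from collections import OrderedDict

# Attributes compared per mode, as listed under "Validation Modes".
MODE_FIELDS = {
    "DISABLED": (),
    "STANDARD": ("ip_address",),
    "ADVANCED": ("ip_address", "user_agent"),
    "STRICT": ("ip_address", "user_agent", "device_id"),
}

class CachedBridge:
    """In-memory LRU tier in front of a remote validator (hypothetical helper)."""

    def __init__(self, validate_remote, mode="STANDARD", ttl=3600,
                 max_entries=10_000, clock=time.time):
        self.validate_remote = validate_remote  # stand-in for the Flowless call
        self.fields = MODE_FIELDS[mode]         # KeyError on an unknown mode
        self.ttl, self.max_entries, self.clock = ttl, max_entries, clock
        self.cache = OrderedDict()              # session_id -> (session, cached_until)

    def validate(self, session_id, **request):
        now = self.clock()
        hit = self.cache.get(session_id)
        if hit and hit[1] > now:
            session = hit[0]
            self.cache.move_to_end(session_id)  # mark as recently used
        else:
            self.cache.pop(session_id, None)    # drop the expired entry, if any
            session = self.validate_remote(session_id)
            if session is None or session["expires_at"] <= now:
                return None                     # unknown or expired: never cached
            # Cap the entry at the session's own expiry so the cache cannot
            # keep a session alive longer than Flowless would.
            until = min(now + self.ttl, session["expires_at"])
            self.cache[session_id] = (session, until)
            if len(self.cache) > self.max_entries:
                self.cache.popitem(last=False)  # evict least recently used
        # Bound attributes are compared on every request, cache hit or not.
        for field in self.fields:
            if not request.get(field) or request[field] != session.get(field):
                return None
        return session

    def logout(self, session_id):
        """Evict on logout so a revoked session stops validating immediately."""
        self.cache.pop(session_id, None)
```

A shared Redis tier would sit between the LRU lookup and the remote call and needs the same expiry cap and the same eviction on logout.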

Best Practices ​

✅ Do

  • Use STANDARD mode for most applications
  • Enable caching for performance
  • Set appropriate cache TTL (1-24 hours)
  • Use STRICT mode for sensitive operations
  • Monitor cache hit rates

❌ Don't ​

  • Use DISABLED mode in production
  • Skip caching (performance impact)
  • Set cache TTL too high (stale data)
  • Hardcode bridge secret in code
  • Ignore validation errors

Troubleshooting ​

Session Not Found ​

Problem: Session not found error

Solutions:

  • Check session ID is correct
  • Verify session hasn't expired
  • Ensure Flowless URL is correct
  • Check bridge secret matches

Invalid Bridge Secret ​

Problem: Invalid bridge secret error

Solutions:

  • Verify BRIDGE_SECRET in .env
  • Check secret matches Flowless instance
  • Ensure no extra spaces in secret
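Several items from Best Practices and from this troubleshooting list can be checked once at startup instead of being discovered at the first failed request. The function below is an added example, not part of the Flowfull libraries. `check_bridge_env` and the `production` flag are hypothetical, and requiring an `https://` URL is this example's own policy.

```python
from urllib.parse import urlsplit

MODES = ("DISABLED", "STANDARD", "ADVANCED", "STRICT")
PLACEHOLDER_SECRET = "your-bridge-secret-here"  # sample value from the page's .env

def check_bridge_env(env, production):
    """Return a list of problems found in the bridge settings; empty means OK.

    `env` is a mapping such as os.environ; `production` is a flag the caller
    derives from its own deployment settings (an assumption of this example).
    """
    problems = []
    url = urlsplit(env.get("FLOWLESS_URL", ""))
    if url.scheme != "https" or not url.hostname:
        problems.append("FLOWLESS_URL must be an https:// URL")

    secret = env.get("BRIDGE_SECRET", "")
    if not secret.strip():
        problems.append("BRIDGE_SECRET is not set")
    elif secret != secret.strip():
        problems.append("BRIDGE_SECRET has leading or trailing whitespace")
    elif secret == PLACEHOLDER_SECRET:
        problems.append("BRIDGE_SECRET is still the documentation placeholder")

    # Some env-file loaders keep an inline "# comment" as part of the value,
    # so compare the whole string rather than its first word.
    mode = env.get("VALIDATION_MODE", "")
    if mode not in MODES:
        problems.append(f"VALIDATION_MODE {mode!r} is not one of {', '.join(MODES)}")
    elif mode == "DISABLED" and production:
        problems.append("VALIDATION_MODE=DISABLED is for development only")

    if env.get("CACHE_ENABLED", "true").lower() == "true":
        ttl = env.get("CACHE_TTL", "")
        if not ttl.isdecimal() or not 3600 <= int(ttl) <= 86400:
            problems.append("CACHE_TTL should be 3600-86400 seconds (1-24 hours)")
    return problems
```

Call it with `os.environ` before constructing the validator and refuse to start if the returned list is not empty.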

Cache Issues ​

Problem: Stale session data

Solutions:

  • Reduce cache TTL
  • Clear cache after user logout
  • Use Redis for shared cache

Need Help? ​

  • 🌐 Notside.com - Professional Pubflow implementation services
  • 📧 Email: contact@notside.com
  • 💼 Services: Custom development, consulting, enterprise support

Released under the MIT License.