How to securely authenticate users with external collection

Hello,

I’m trying to better understand current best practice for connecting to an external collection. In my scenario, I’d like to connect to a REST API that I built so I can obtain my list of “widgets.” Below is my thought process so far, please feel free to make suggestions!

Idea #1: Don’t use authentication on the REST service.
This won’t work for my needs, but it’s a starting point. If I don’t require users to authenticate at the REST API level, I can have any user request the widgets the user cares about.

Idea #2: Use a per-user hard coded JWT token
This is better, but it’s still not very secure. I was reading this post from May 2021, in which @ColinWinhall was showing another poster how to use a variable for a JWT token in a connection: Variables support for JWT Authentication | Voters | Adalo. With this, I could put a per-user variable in the database and store their hardcoded token. JWT tokens would have to be permanent and could not be allowed to expire.

Idea #3: Refresh the per-user JWT token when it expires
This would be my real goal. I’d still be storing the user’s JWT token in the Adalo database, which I don’t love, but it’s the best I’ve come up with so far.

Is #3 possible? Are there better ways I could be trying to do this?
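
Idea #3 seen from the REST API side, as an added example that is not part of the original post: a short-lived access JWT paired with a single-use refresh token, so nothing permanent has to be stored per user. Assumptions: the API is a Python service, tokens are HS256, and every name here (`issue_access`, `verify_access`, `issue_refresh`, `refresh`, the 5-minute lifetime, the in-memory `REFRESH` dict standing in for a database table) is hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # constructed signing key for this sketch
ACCESS_TTL = 300                   # assumed 5-minute access-token lifetime
REFRESH = {}                       # sha256(refresh token) -> user id (stand-in for a DB table)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_access(user_id, now=None):
    """Return a short-lived HS256 JWT for user_id."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user_id, "exp": now + ACCESS_TTL}).encode())
    signing_input = header + "." + claims
    return signing_input + "." + _sign(signing_input)

def verify_access(token, now=None):
    """Return the user id, or None if the token is malformed, forged or expired."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.split(".")
        # Always verify with HMAC-SHA256; the header's "alg" is never trusted.
        if not hmac.compare_digest(sig, _sign(header + "." + claims)):
            return None
        body = json.loads(_unb64(claims))
        return body["sub"] if now < body["exp"] else None
    except (ValueError, KeyError, TypeError):
        return None

def issue_refresh(user_id):
    """Return an opaque refresh token; only its hash is stored server-side."""
    token = secrets.token_urlsafe(32)
    REFRESH[hashlib.sha256(token.encode()).hexdigest()] = user_id
    return token

def refresh(refresh_token, now=None):
    """Swap a refresh token for (new access JWT, new refresh token); single use."""
    user_id = REFRESH.pop(hashlib.sha256(refresh_token.encode()).hexdigest(), None)
    if user_id is None:
        return None
    return issue_access(user_id, now), issue_refresh(user_id)
```

Because each refresh token is removed on use, a copied one stops working as soon as either party uses it, and an access JWT that leaks is only valid until its `exp`.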