Skip to main content
important

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

Recommend std JWT validation functions/middlewares

Status

This is just a proposal so far, it hasn't been accepted and needs further discussion.

Status:
proposed
Deciders:
rishabhpoddar, porcellus
Proposed by:
porcellus
Created:
2023-05-11

Context and Problem Statement#

We can choose to provide a new validator function/middleware to check the access tokens we issue.

Considered Options#

  • Provide validation function
  • Recommend std JWT validation functions/middlewares

Decision Outcome#

Chosen option: Recommend std JWT validation functions/middlewares

  • We need to provide guidance on validating these tokens without our SDK anyway
  • No extra code/interface/things to maintain
  • We can choose to add a validation function later (but removing it is harder/more breaking)
  • This can be very similar to the one we recommend to validate non-OAuth2 (normal, supertokens session) access tokens
    • It should use the same jwks endpoint as the jwt/st session access token validator

Pros and Cons of the Options#

Provide validation function#

  • Easy to use (if using our SDK)
  • We need to provide guidance on validating these tokens without our SDK anyway
  • Extra code/work
  • Recommend std JWT validation functions/middlewares#

  • We need to provide guidance on validating these tokens without our SDK anyway
  • No extra code/interface/things to maintain
  • Harder to use if our than the other option if our SDK is already there