This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
This is just a proposal so far, it hasn't been accepted and needs further discussion.
- rishabhpoddar, porcellus
- Proposed by:
- Last updated:
We want to make our access token into a valid JWT. So, in the future the jwt setting will be "replaced" with just setting the auth mode to header. We need to decide a deprecation/migration path.
- Add deprecation warning if the jwt setting is turned on.
- Keep the jwt option.
Once we make the entire access token into a JWT:
- Add deprecation warning with a migration link and set
exposeAccessTokenToFrontendInCookieBasedAuthto true. See here
- Add a function to the FE to access the entire access token as a string.
Until then: the auth mode and jwt options are entirely independent, the jwt can be accessed through the access token payload in both auth modes.