This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
This is just a proposal so far, it hasn't been accepted and needs further discussion.
verifySession depends on the value of
rid and the method to decide if it should re-throw
TRY_REFRESH_TOKEN errors coming from the token validation when the access token expired.
Related issue: https://github.com/supertokens/supertokens-node/issues/156
- Return undefined
- Optional session verification should re-throw TRY_REFRESH_TOKEN errors
Optional session verification should re-throw TRY_REFRESH_TOKEN errors. Reasons:
- Easier to communicate
ridheader affecting if the
TRY_REFRESH_TOKENcould be unexpected by users
ridheader would be missing in most cases when testing using Postman. It's confusing if that works different from making the same requests through the SDK.
We can ask users who want to use something like sendBeacon on the frontend which doesn't use our interceptors and want to ignore TRY_REFRESH_TOKEN errors on the backend, to create their own middleware which uses getSession and catches and ignores the TRY_REFRESH_TOKEN error.