
Customizing Error Handling

The SuperTokens session recipe can throw the following errors:

Unauthorised error

  • Thrown when a protected backend API is accessed without a session.
  • The default behaviour is to clear session cookies (if any) and send a 401 to the frontend.
import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";

SuperTokens.init({
    supertokens: {
        connectionURI: "...",
    },
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Session.init({
            errorHandlers: {
                onUnauthorised: async (message, request, response) => {
                    // TODO: Write your own logic and then send a 401 response to the frontend
                },
            }
        })
    ]
});

Invalid claim error

  • Thrown when a protected backend API is accessed with a session that doesn't pass the claim validators.
  • The default behaviour is to send a 403 to the frontend with the errors included in the body.
import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";

SuperTokens.init({
    supertokens: {
        connectionURI: "...",
    },
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Session.init({
            errorHandlers: {
                onInvalidClaim: async (message, request, response) => {
                    // TODO: Write your own logic and then send a 403 response to the frontend
                },
            }
        })
    ]
});

Token theft detected

import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";

SuperTokens.init({
    supertokens: {
        connectionURI: "...",
    },
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Session.init({
            errorHandlers: {
                onTokenTheftDetected: async (sessionHandle, userId, req, res) => {
                    // TODO: Write your own logic and then send a 401 response to the frontend
                },
            }
        })
    ]
});
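
One way to fill in the onTokenTheftDetected TODO, as an added example that is not part of the SuperTokens documentation: the handler revokes the session, records an audit event, and answers 401 even when revocation fails. The names makeTokenTheftHandler, audit, fakeResponse and demo are hypothetical, and so are the event names and response body. It assumes that a custom handler replaces the default behaviour and that the response object exposes setStatusCode and sendJSONResponse.

```javascript
// Added example (not SuperTokens' own code). revokeSession is injected so the
// handler can run offline; in an application wire it up as (assumed wiring):
//   onTokenTheftDetected: makeTokenTheftHandler({
//       revokeSession: (h) => Session.revokeSession(h), audit: console.log })
function makeTokenTheftHandler({ revokeSession, audit }) {
    return async function onTokenTheftDetected(sessionHandle, userId, req, res) {
        let revoked = false;
        try {
            // Invalidate the session server-side so a replayed token stops working.
            revoked = await revokeSession(sessionHandle);
        } catch (err) {
            // Record the failure, then fall through: the caller still gets a 401.
            audit({ event: "session.revoke_failed", sessionHandle, userId, error: String(err) });
        }
        audit({ event: "session.token_theft_detected", sessionHandle, userId, revoked });
        // Generic body: no session handle or user id is echoed to the client.
        res.setStatusCode(401);
        res.sendJSONResponse({ message: "token theft detected" });
    };
}

// Constructed stand-in for the SDK response wrapper (only the two methods used).
function fakeResponse() {
    const r = { status: null, body: null };
    r.setStatusCode = (code) => { r.status = code; };
    r.sendJSONResponse = (body) => { r.body = body; };
    return r;
}

// Runs the handler against constructed inputs and returns what was observed.
async function demo(revokeImpl) {
    const events = [];
    const res = fakeResponse();
    const handler = makeTokenTheftHandler({
        revokeSession: revokeImpl,
        audit: (e) => events.push(e),
    });
    await handler("constructed-session-handle", "constructed-user-id", {}, res);
    return { status: res.status, body: res.body, events };
}
```

The audit record keeps the session handle and user id server-side, which gives incident responders something to correlate without exposing either value in the 401 body.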