Skip to main content

Reading JWT payload claims

caution

Using JWTs is optional and is only required if you want to integrate with another service that relies on JWTs or if you want to integrate with a backend framework that we do not support yet

On the backend#

Method 1) After session verification#

import express from "express";import { verifySession } from "supertokens-node/recipe/session/framework/express";
let app = express();
app.get("/getJWT", verifySession(), async (req, res) => {
    let session = req.session;
    let role = session.getAccessTokenPayload()["role"];
    res.json({ role })});

Method 2) Without session verification#

import Session from "supertokens-node/recipe/session";
async function getRole() {      let userId = "...";      // we first get all the sessionHandles (string[]) for a user      let sessionHandles = await Session.getAllSessionHandlesForUser(userId);
      // we update all the session's Access Token payloads for this user      sessionHandles.forEach(async (handle) => {            let currSessionInfo = await Session.getSessionInformation(handle)            if (currSessionInfo === undefined) {                  return;            }            let role = currSessionInfo.accessTokenPayload["role"];      })}

On the frontend#


import React from "react";import { useSessionContext } from 'supertokens-auth-react/recipe/session'; 
// Your dashboard componentfunction Dashboard(props: any) {    let session = useSessionContext();
    if (session.loading) {        return null;    }
    if (!session.doesSessionExist) {        // TODO    } else {        let {userId, accessTokenPayload} = session;
        let name = accessTokenPayload.name;
        // TODO    }}