Class default

constructor

• new default(): default

  Returns default

StaticError

Staticinit

StaticcreateJWT

• createJWT(
      payload?: any,
      validitySeconds?: number,
      useStaticSigningKey?: boolean,
      userContext?: Record<string, any>,
  ): Promise<
      | { jwt: string; status: "OK" }
      | { status: "UNSUPPORTED_ALGORITHM_ERROR" },
  >

  Parameters

  • Optionalpayload: any
  • OptionalvaliditySeconds: number
  • OptionaluseStaticSigningKey: boolean
  • OptionaluserContext: Record<string, any>

  Returns Promise<
      | { jwt: string; status: "OK" }
      | { status: "UNSUPPORTED_ALGORITHM_ERROR" },
  >

StaticcreateNewSession

• createNewSession(
      req: any,
      res: any,
      tenantId: string,
      recipeUserId: RecipeUserId,
      accessTokenPayload?: any,
      sessionDataInDatabase?: any,
      userContext?: Record<string, any>,
  ): Promise<SessionContainer>

  Parameters

  • req: any
  • res: any
  • tenantId: string
  • recipeUserId: RecipeUserId
  • accessTokenPayload: any = {}
  • sessionDataInDatabase: any = {}
  • OptionaluserContext: Record<string, any>

  Returns Promise<SessionContainer>

StaticcreateNewSessionWithoutRequestResponse

• createNewSessionWithoutRequestResponse(
      tenantId: string,
      recipeUserId: RecipeUserId,
      accessTokenPayload?: any,
      sessionDataInDatabase?: any,
      disableAntiCsrf?: boolean,
      userContext?: Record<string, any>,
  ): Promise<SessionContainer>

  Parameters

  • tenantId: string
  • recipeUserId: RecipeUserId
  • accessTokenPayload: any = {}
  • sessionDataInDatabase: any = {}
  • disableAntiCsrf: boolean = false
  • OptionaluserContext: Record<string, any>

  Returns Promise<SessionContainer>

StaticfetchAndSetClaim

• fetchAndSetClaim(
      sessionHandle: string,
      claim: SessionClaim<any>,
      userContext?: Record<string, any>,
  ): Promise<boolean>

  Parameters

  • sessionHandle: string
  • claim: SessionClaim<any>
  • OptionaluserContext: Record<string, any>

  Returns Promise<boolean>

StaticgetAllSessionHandlesForUser

• getAllSessionHandlesForUser(
      userId: string,
      fetchSessionsForAllLinkedAccounts?: boolean,
      tenantId?: string,
      userContext?: Record<string, any>,
  ): Promise<string[]>

  Parameters

  • userId: string
  • fetchSessionsForAllLinkedAccounts: boolean = true
  • OptionaltenantId: string
  • OptionaluserContext: Record<string, any>

  Returns Promise<string[]>

StaticgetClaimValue

• getClaimValue<T>(
      sessionHandle: string,
      claim: SessionClaim<T>,
      userContext?: Record<string, any>,
  ): Promise<
      | { status: "SESSION_DOES_NOT_EXIST_ERROR" }
      | { status: "OK"; value: undefined | T },
  >

  Type Parameters

  • T

  Parameters

  • sessionHandle: string
  • claim: SessionClaim<T>
  • OptionaluserContext: Record<string, any>

  Returns Promise<
      | { status: "SESSION_DOES_NOT_EXIST_ERROR" }
      | { status: "OK"; value: undefined | T },
  >

StaticgetJWKS

• getJWKS(
      userContext?: Record<string, any>,
  ): Promise<{ keys: JsonWebKey[]; validityInSeconds?: number }>

  Parameters

  • OptionaluserContext: Record<string, any>

  Returns Promise<{ keys: JsonWebKey[]; validityInSeconds?: number }>

StaticgetOpenIdDiscoveryConfiguration

• getOpenIdDiscoveryConfiguration(
      userContext?: Record<string, any>,
  ): Promise<
      {
          authorization_endpoint: string;
          end_session_endpoint: string;
          id_token_signing_alg_values_supported: string[];
          issuer: string;
          jwks_uri: string;
          response_types_supported: string[];
          revocation_endpoint: string;
          status: "OK";
          subject_types_supported: string[];
          token_endpoint: string;
          token_introspection_endpoint: string;
          userinfo_endpoint: string;
      },
  >

  Parameters

  • OptionaluserContext: Record<string, any>

  Returns Promise<
      {
          authorization_endpoint: string;
          end_session_endpoint: string;
          id_token_signing_alg_values_supported: string[];
          issuer: string;
          jwks_uri: string;
          response_types_supported: string[];
          revocation_endpoint: string;
          status: "OK";
          subject_types_supported: string[];
          token_endpoint: string;
          token_introspection_endpoint: string;
          userinfo_endpoint: string;
      },
  >

StaticgetSession

• getSession(req: any, res: any): Promise<SessionContainer>

  Parameters

  • req: any
  • res: any

  Returns Promise<SessionContainer>

• getSession(
      req: any,
      res: any,
      options?: VerifySessionOptions & { sessionRequired?: true },
      userContext?: Record<string, any>,
  ): Promise<SessionContainer>

  Parameters

  • req: any
  • res: any
  • Optionaloptions: VerifySessionOptions & { sessionRequired?: true }
  • OptionaluserContext: Record<string, any>

  Returns Promise<SessionContainer>

• getSession(
      req: any,
      res: any,
      options?: VerifySessionOptions & { sessionRequired: false },
      userContext?: Record<string, any>,
  ): Promise<undefined | SessionContainer>

  Parameters

  • req: any
  • res: any
  • Optionaloptions: VerifySessionOptions & { sessionRequired: false }
  • OptionaluserContext: Record<string, any>

  Returns Promise<undefined | SessionContainer>

• getSession(
      req: any,
      res: any,
      options?: VerifySessionOptions,
      userContext?: Record<string, any>,
  ): Promise<undefined | SessionContainer>

  Parameters

  • req: any
  • res: any
  • Optionaloptions: VerifySessionOptions
  • OptionaluserContext: Record<string, any>

  Returns Promise<undefined | SessionContainer>

StaticgetSessionInformation

• getSessionInformation(
      sessionHandle: string,
      userContext?: Record<string, any>,
  ): Promise<undefined | SessionInformation>

  Parameters

  • sessionHandle: string
  • OptionaluserContext: Record<string, any>

  Returns Promise<undefined | SessionInformation>

StaticgetSessionWithoutRequestResponse

• getSessionWithoutRequestResponse(
      accessToken: string,
      antiCsrfToken?: string,
  ): Promise<SessionContainer>

  Tries to validate an access token and build a Session object from it.

  Notes about anti-csrf checking:

  • if the antiCsrf is set to VIA_HEADER in the Session recipe config you have to handle anti-csrf checking before calling this function and set antiCsrfCheck to false in the options.
  • you can disable anti-csrf checks by setting antiCsrf to NONE in the Session recipe config. We only recommend this if you are always getting the access-token from the Authorization header.
  • if the antiCsrf check fails the returned satatus will be TRY_REFRESH_TOKEN_ERROR

  Results: OK: The session was successfully validated, including claim validation CLAIM_VALIDATION_ERROR: While the access token is valid, one or more claim validators have failed. Our frontend SDKs expect a 403 response the contents matching the value returned from this function. TRY_REFRESH_TOKEN_ERROR: This means, that the access token structure was valid, but it didn't pass validation for some reason and the user should call the refresh API. You can send a 401 response to trigger this behaviour if you are using our frontend SDKs UNAUTHORISED: This means that the access token likely doesn't belong to a SuperTokens session. If this is unexpected, it's best handled by sending a 401 response.

  Parameters

  • accessToken: string

    The access token extracted from the authorization header or cookies
  • OptionalantiCsrfToken: string

    The anti-csrf token extracted from the authorization header or cookies. Can be undefined if antiCsrfCheck is false

  Returns Promise<SessionContainer>
• getSessionWithoutRequestResponse(
      accessToken: string,
      antiCsrfToken?: string,
      options?: VerifySessionOptions & { sessionRequired?: true },
      userContext?: Record<string, any>,
  ): Promise<SessionContainer>

  Tries to validate an access token and build a Session object from it.

  Notes about anti-csrf checking:

  • if the antiCsrf is set to VIA_HEADER in the Session recipe config you have to handle anti-csrf checking before calling this function and set antiCsrfCheck to false in the options.
  • you can disable anti-csrf checks by setting antiCsrf to NONE in the Session recipe config. We only recommend this if you are always getting the access-token from the Authorization header.
  • if the antiCsrf check fails the returned satatus will be TRY_REFRESH_TOKEN_ERROR

  Results: OK: The session was successfully validated, including claim validation CLAIM_VALIDATION_ERROR: While the access token is valid, one or more claim validators have failed. Our frontend SDKs expect a 403 response the contents matching the value returned from this function. TRY_REFRESH_TOKEN_ERROR: This means, that the access token structure was valid, but it didn't pass validation for some reason and the user should call the refresh API. You can send a 401 response to trigger this behaviour if you are using our frontend SDKs UNAUTHORISED: This means that the access token likely doesn't belong to a SuperTokens session. If this is unexpected, it's best handled by sending a 401 response.

  Parameters

  • accessToken: string

    The access token extracted from the authorization header or cookies
  • OptionalantiCsrfToken: string

    The anti-csrf token extracted from the authorization header or cookies. Can be undefined if antiCsrfCheck is false
  • Optionaloptions: VerifySessionOptions & { sessionRequired?: true }

    Same options objects as getSession or verifySession takes, except the sessionRequired prop, which is always set to true in this function
  • OptionaluserContext: Record<string, any>

    User context

  Returns Promise<SessionContainer>
• getSessionWithoutRequestResponse(
      accessToken: string,
      antiCsrfToken?: string,
      options?: VerifySessionOptions & { sessionRequired: false },
      userContext?: Record<string, any>,
  ): Promise<undefined | SessionContainer>

  Tries to validate an access token and build a Session object from it.

  Notes about anti-csrf checking:

  • if the antiCsrf is set to VIA_HEADER in the Session recipe config you have to handle anti-csrf checking before calling this function and set antiCsrfCheck to false in the options.
  • you can disable anti-csrf checks by setting antiCsrf to NONE in the Session recipe config. We only recommend this if you are always getting the access-token from the Authorization header.
  • if the antiCsrf check fails the returned satatus will be TRY_REFRESH_TOKEN_ERROR

  Results: OK: The session was successfully validated, including claim validation CLAIM_VALIDATION_ERROR: While the access token is valid, one or more claim validators have failed. Our frontend SDKs expect a 403 response the contents matching the value returned from this function. TRY_REFRESH_TOKEN_ERROR: This means, that the access token structure was valid, but it didn't pass validation for some reason and the user should call the refresh API. You can send a 401 response to trigger this behaviour if you are using our frontend SDKs UNAUTHORISED: This means that the access token likely doesn't belong to a SuperTokens session. If this is unexpected, it's best handled by sending a 401 response.

  Parameters

  • accessToken: string

    The access token extracted from the authorization header or cookies
  • OptionalantiCsrfToken: string

    The anti-csrf token extracted from the authorization header or cookies. Can be undefined if antiCsrfCheck is false
  • Optionaloptions: VerifySessionOptions & { sessionRequired: false }

    Same options objects as getSession or verifySession takes, except the sessionRequired prop, which is always set to true in this function
  • OptionaluserContext: Record<string, any>

    User context

  Returns Promise<undefined | SessionContainer>
• getSessionWithoutRequestResponse(
      accessToken: string,
      antiCsrfToken?: string,
      options?: VerifySessionOptions,
      userContext?: Record<string, any>,
  ): Promise<undefined | SessionContainer>

  Tries to validate an access token and build a Session object from it.

  Notes about anti-csrf checking:

  • if the antiCsrf is set to VIA_HEADER in the Session recipe config you have to handle anti-csrf checking before calling this function and set antiCsrfCheck to false in the options.
  • you can disable anti-csrf checks by setting antiCsrf to NONE in the Session recipe config. We only recommend this if you are always getting the access-token from the Authorization header.
  • if the antiCsrf check fails the returned satatus will be TRY_REFRESH_TOKEN_ERROR

  Results: OK: The session was successfully validated, including claim validation CLAIM_VALIDATION_ERROR: While the access token is valid, one or more claim validators have failed. Our frontend SDKs expect a 403 response the contents matching the value returned from this function. TRY_REFRESH_TOKEN_ERROR: This means, that the access token structure was valid, but it didn't pass validation for some reason and the user should call the refresh API. You can send a 401 response to trigger this behaviour if you are using our frontend SDKs UNAUTHORISED: This means that the access token likely doesn't belong to a SuperTokens session. If this is unexpected, it's best handled by sending a 401 response.

  Parameters

  • accessToken: string

    The access token extracted from the authorization header or cookies
  • OptionalantiCsrfToken: string

    The anti-csrf token extracted from the authorization header or cookies. Can be undefined if antiCsrfCheck is false
  • Optionaloptions: VerifySessionOptions

    Same options objects as getSession or verifySession takes, except the sessionRequired prop, which is always set to true in this function
  • OptionaluserContext: Record<string, any>

    User context

  Returns Promise<undefined | SessionContainer>

StaticmergeIntoAccessTokenPayload

• mergeIntoAccessTokenPayload(
      sessionHandle: string,
      accessTokenPayloadUpdate: JSONObject,
      userContext?: Record<string, any>,
  ): Promise<boolean>

  Parameters

  • sessionHandle: string
  • accessTokenPayloadUpdate: JSONObject
  • OptionaluserContext: Record<string, any>

  Returns Promise<boolean>

StaticrefreshSession

• refreshSession(
      req: any,
      res: any,
      userContext?: Record<string, any>,
  ): Promise<SessionContainer>

  Parameters

  • req: any
  • res: any
  • OptionaluserContext: Record<string, any>

  Returns Promise<SessionContainer>

StaticrefreshSessionWithoutRequestResponse

• refreshSessionWithoutRequestResponse(
      refreshToken: string,
      disableAntiCsrf?: boolean,
      antiCsrfToken?: string,
      userContext?: Record<string, any>,
  ): Promise<SessionContainer>

  Parameters

  • refreshToken: string
  • disableAntiCsrf: boolean = false
  • OptionalantiCsrfToken: string
  • OptionaluserContext: Record<string, any>

  Returns Promise<SessionContainer>

StaticremoveClaim

• removeClaim(
      sessionHandle: string,
      claim: SessionClaim<any>,
      userContext?: Record<string, any>,
  ): Promise<boolean>

  Parameters

  • sessionHandle: string
  • claim: SessionClaim<any>
  • OptionaluserContext: Record<string, any>

  Returns Promise<boolean>

StaticrevokeAllSessionsForUser

• revokeAllSessionsForUser(
      userId: string,
      revokeSessionsForLinkedAccounts?: boolean,
      tenantId?: string,
      userContext?: Record<string, any>,
  ): Promise<string[]>

  Parameters

  • userId: string
  • revokeSessionsForLinkedAccounts: boolean = true
  • OptionaltenantId: string
  • OptionaluserContext: Record<string, any>

  Returns Promise<string[]>

StaticrevokeMultipleSessions

• revokeMultipleSessions(
      sessionHandles: string[],
      userContext?: Record<string, any>,
  ): Promise<string[]>

  Parameters

  • sessionHandles: string[]
  • OptionaluserContext: Record<string, any>

  Returns Promise<string[]>

StaticrevokeSession

• revokeSession(
      sessionHandle: string,
      userContext?: Record<string, any>,
  ): Promise<boolean>

  Parameters

  • sessionHandle: string
  • OptionaluserContext: Record<string, any>

  Returns Promise<boolean>

StaticsetClaimValue

• setClaimValue<T>(
      sessionHandle: string,
      claim: SessionClaim<T>,
      value: T,
      userContext?: Record<string, any>,
  ): Promise<boolean>

  Type Parameters

  • T

  Parameters

  • sessionHandle: string
  • claim: SessionClaim<T>
  • value: T
  • OptionaluserContext: Record<string, any>

  Returns Promise<boolean>

StaticupdateSessionDataInDatabase

• updateSessionDataInDatabase(
      sessionHandle: string,
      newSessionData: any,
      userContext?: Record<string, any>,
  ): Promise<boolean>

  Parameters

  • sessionHandle: string
  • newSessionData: any
  • OptionaluserContext: Record<string, any>

  Returns Promise<boolean>

StaticvalidateClaimsForSessionHandle

• validateClaimsForSessionHandle(
      sessionHandle: string,
      overrideGlobalClaimValidators?: (
          globalClaimValidators: SessionClaimValidator[],
          sessionInfo: SessionInformation,
          userContext: UserContext,
      ) => SessionClaimValidator[] | Promise<SessionClaimValidator[]>,
      userContext?: Record<string, any>,
  ): Promise<
      | { status: "SESSION_DOES_NOT_EXIST_ERROR" }
      | { invalidClaims: ClaimValidationError[]; status: "OK" },
  >

  Parameters

  • sessionHandle: string
  • OptionaloverrideGlobalClaimValidators: (
        globalClaimValidators: SessionClaimValidator[],
        sessionInfo: SessionInformation,
        userContext: UserContext,
    ) => SessionClaimValidator[] | Promise<SessionClaimValidator[]>
  • OptionaluserContext: Record<string, any>

  Returns Promise<
      | { status: "SESSION_DOES_NOT_EXIST_ERROR" }
      | { invalidClaims: ClaimValidationError[]; status: "OK" },
  >