SuperTokens

Session Verification in API

For your APIs that require a user to be logged in, use the verifySession middleware:

NodeJS
let Session = require("supertokens-node/recipe/session");

app.post("/like-comment", Session.verifySession(), (req, res) => {
    let userId = req.session.getUserId();
    //....
});

req.session object

This object exposes the following functions:

  • getUserId
  • getSessionData
  • updateSessionData
  • getJWTPayload
  • updateJWTPayload
  • revokeSession

Optionally verify a session

Sometimes, you want an API to be accessible even if there is no session. In that case, you can use the sessionRequired flag:

let Session = require("supertokens-node/recipe/session");

app.post("/like-comment",
    Session.verifySession({sessionRequired: false}),
    (req, res) => {
        if (req.session !== undefined) {
            let userId = req.session.getUserId();
        } else {
            // user is not logged in...
        }
    });
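The following is an added illustration, not SuperTokens' own code, of how the two modes shown on this page (the default required session and the sessionRequired: false optional session) behave at the middleware boundary. It stands in a minimal Express-style verifySession over a constructed in-memory session store instead of SuperTokens' access-token verification; the x-session-handle header, the dispatch harness and the session records are all assumptions made for the example.

```javascript
// Added example (not supertokens-node code): Express-style verifySession
// middleware showing required vs. optional session handling.

// Constructed sample store: opaque session handle -> session record.
// A handle that is not in the store is treated as revoked or expired.
const SESSION_STORE = new Map([
  ["sess_abc123", { userId: "user-42", data: { role: "member" } }],
]);

// Returns the session record for a valid handle, or null when unknown.
function lookupSession(handle) {
  return SESSION_STORE.get(handle) || null;
}

// Factory mirroring the shape of Session.verifySession({ sessionRequired }).
// No session at all:
//   - required (default): respond 401 and stop the chain
//   - optional: continue with req.session === undefined
// Session handle present but invalid: 401 in both modes. A present-but-bad
// credential must not silently downgrade to anonymous access (this rule is
// the example's own design choice, stated here as an assumption).
function verifySession({ sessionRequired = true } = {}) {
  return function (req, res, next) {
    // Hypothetical transport: a request header carrying the session handle.
    const handle = req.headers && req.headers["x-session-handle"];
    if (handle === undefined) {
      if (sessionRequired) {
        res.status(401).json({ message: "unauthorised" });
        return;
      }
      req.session = undefined;
      next();
      return;
    }
    const record = lookupSession(handle);
    if (record === null) {
      res.status(401).json({ message: "try refresh token" });
      return;
    }
    // Expose the same accessor style as the req.session object on the page.
    req.session = {
      getUserId: () => record.userId,
      getSessionData: () => ({ ...record.data }),
    };
    next();
  };
}

// Tiny harness standing in for Express: runs one middleware, then the
// handler if the middleware called next(), and captures the response.
function dispatch(middleware, handler, req) {
  const out = { status: 200, body: undefined, reachedHandler: false };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  middleware(req, res, () => {
    out.reachedHandler = true;
    handler(req, res);
  });
  return out;
}

// Handlers mirroring the two /like-comment routes from the page.
function likeCommentRequired(req, res) {
  res.json({ likedBy: req.session.getUserId() });
}

function likeCommentOptional(req, res) {
  if (req.session !== undefined) {
    res.json({ likedBy: req.session.getUserId() });
  } else {
    res.json({ likedBy: "anonymous" }); // user is not logged in
  }
}

// Stand-alone demonstration over constructed requests.
console.log(dispatch(verifySession(), likeCommentRequired, { headers: {} }));
console.log(dispatch(verifySession({ sessionRequired: false }), likeCommentOptional,
  { headers: { "x-session-handle": "sess_abc123" } }));
```

The point worth checking in any such middleware is the fourth case: with sessionRequired: false, a request that carries an unknown or tampered handle is still rejected rather than treated as anonymous, so the optional mode only relaxes the "no credential" case. Confirm the library's actual behaviour for invalid tokens against its own documentation rather than assuming it matches this sketch.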