Adding custom claims to the JWT
caution
Using JWTs is optional and is only required if you want to integrate with another service that relies on JWTs or if you want to integrate with a backend framework that we do not support yet
JWTs are exposed to the frontend, they should not be used as a way to store sensitive information
Adding your own claims#
When using the JWT feature you can add custom claims to the JWT by using our override feature.
- NodeJS
- GoLang
- Python
import SuperTokens from "supertokens-node";import Session from "supertokens-node/recipe/session";
SuperTokens.init({ supertokens: { connectionURI: "...", }, appInfo: { apiDomain: "...", appName: "...", websiteDomain: "..." }, recipeList: [ Session.init({ jwt: { enable: true, }, override: { functions: function (originalImplementation) { return { ...originalImplementation, createNewSession: async function (input) { input.accessTokenPayload = { ...input.accessTokenPayload, role: "user", };
return originalImplementation.createNewSession(input); }, }; } }, }) ]});import ( "net/http"
"github.com/supertokens/supertokens-golang/recipe/session" "github.com/supertokens/supertokens-golang/recipe/session/sessmodels" "github.com/supertokens/supertokens-golang/supertokens")
func main() { supertokens.Init(supertokens.TypeInput{ RecipeList: []supertokens.Recipe{ session.Init(&sessmodels.TypeInput{ Jwt: &sessmodels.JWTInputConfig{ Enable: true, }, Override: &sessmodels.OverrideStruct{ Functions: func(originalImplementation sessmodels.RecipeInterface) sessmodels.RecipeInterface {
originalCreateNewSession := *originalImplementation.CreateNewSession
(*originalImplementation.CreateNewSession) = func(res http.ResponseWriter, userID string, accessTokenPayload, sessionData map[string]interface{}, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) { if accessTokenPayload == nil { accessTokenPayload = map[string]interface{}{} } accessTokenPayload["role"] = "user"
return originalCreateNewSession(res, userID, accessTokenPayload, sessionData, userContext) }
return originalImplementation }, }, }), }, })}from supertokens_python import init, InputAppInfofrom supertokens_python.recipe import sessionfrom supertokens_python.recipe.session.interfaces import RecipeInterfacefrom typing import Dict, Any, Union
def override_functions(original_implementation: RecipeInterface): original_implementation_create_new_session = original_implementation.create_new_session
async def create_new_session(request: Any, user_id: str, access_token_payload: Union[None, Dict[str, Any]], session_data: Union[None, Dict[str, Any]], user_context: Dict[str, Any]):
if access_token_payload is None: access_token_payload = {}
access_token_payload['role'] = 'user'
return await original_implementation_create_new_session(request, user_id, access_token_payload, session_data, user_context)
original_implementation.create_new_session = create_new_session return original_implementation
init( app_info=InputAppInfo(api_domain="...", app_name="...", website_domain="..."), framework='...', recipe_list=[ session.init( jwt=session.JWTConfig(enable=True), override=session.InputOverrideConfig( functions=override_functions ) ) ])The above example would add a role claim to the JWT.
Claims added by SuperTokens#
SuperTokens adds some claims to JWT payloads:
sub: The userId is stored in this claimiss: The issuer URL is stored under this claim. Read more here for information on what the default value is and how to configure it.exp: The time since epoch (in seconds) after which the JWT is considered as expirediat: The time since epoch (in seconds) when the JWT was created