
Authentication without JWTs

To support SuperTokens auth with Hasura without using JWTs, you would need to:

  • Set up a reverse proxy in your backend server that relays requests from your frontend to Hasura.
  • Have your frontend call an API on your backend. That API then uses verifySession and adds userId and other claims to each request made to Hasura.

The advantage of this mechanism is that no token is exposed to the frontend, which protects against token theft through XSS attacks.
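The relay step described above, as an added example (not SuperTokens' or Hasura's own code): the proxy derives Hasura's identity headers only from the verified session and never from what the browser sent. Assumptions: the `hasuraRole` claim, the role names and the forwarded-header allowlist are hypothetical; `req.session` is the object `verifySession()` attaches; Hasura honours `x-hasura-user-id` and `x-hasura-role` when the admin secret accompanies the request.

```javascript
// Added example, not SuperTokens' or Hasura's own code.
// Only these client headers are relayed; cookies, Authorization and any
// client-supplied x-hasura-* headers are dropped.
const FORWARDED = new Set(["accept", "content-type"]);
// Hypothetical role names this proxy is allowed to assert towards Hasura.
const ALLOWED_ROLES = new Set(["user", "editor"]);

// Build upstream headers from a verified SuperTokens session object.
function buildHasuraHeaders(incoming, session, adminSecret) {
  const out = {};
  for (const [name, value] of Object.entries(incoming)) {
    const key = name.toLowerCase();
    if (FORWARDED.has(key)) out[key] = value;
  }
  const payload = session.getAccessTokenPayload() || {};
  // Assumption: a custom "hasuraRole" claim; unknown values get least privilege.
  const role = ALLOWED_ROLES.has(payload.hasuraRole) ? payload.hasuraRole : "user";
  out["x-hasura-admin-secret"] = adminSecret; // stays on the server
  out["x-hasura-user-id"] = session.getUserId();
  out["x-hasura-role"] = role;
  return out;
}

// Express-style handler, mounted behind the session check:
//   app.post("/graphql", verifySession(), proxyToHasura(url, secret))
// Assumes express.json() has parsed the body and Node 18+ (global fetch).
function proxyToHasura(hasuraUrl, adminSecret, fetchImpl = fetch) {
  return async (req, res) => {
    try {
      const headers = buildHasuraHeaders(req.headers, req.session, adminSecret);
      headers["content-type"] = "application/json";
      const upstream = await fetchImpl(hasuraUrl, {
        method: "POST",
        headers,
        body: JSON.stringify(req.body),
      });
      res.status(upstream.status).json(await upstream.json());
    } catch (err) {
      // Do not leak upstream details (or the secret) to the client.
      res.status(502).json({ error: "upstream unavailable" });
    }
  };
}
```

Hasura should be reachable only from the proxy, since anyone who can reach it with the admin secret can assert any user ID and role.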
