Skip to main content

Session Migration

In this section we will go over how to migrate Auth0 user sessions to SuperTokens sessions.

There are two steps to this process

  • Adding a new /migrate-session API to your backend which will create a new SuperTokens session
  • Checking if a Auth0 session exists on your frontend and calling the /migrate-session API so that a SuperTokens session is created and the Auth0 session is revoked.

Flow#

Flow of migrating Auth0 sessions to SuperTokens sessions

Frontend Changes:#

  • On your frontend, on page load, check if a valid Auth0 session exists. If a valid session exists send a request to the API defined in the next section with the Auth0 access token. You can then revoke the Auth0 session.
Frontend changes
import axios from "axios";
// You will need to add the SuperTokens axios interceptor so cookies are properly set.import SuperTokens from "supertokens-website";SuperTokens.addAxiosInterceptors(axios)
async function getAccessTokenFromAuth0() {    // Check if a session with Auth0 exists and return access_token. Return undefined otherwise}
async function revokeAuth0Session() {    // Remove the session with Auth0}
// Call this function on page loadasync function migrateUserSessions() {    let apiDomain = "...";    // On page load retrieve the users Auth0 access token if a session exists    // TODO: getAccessTokenFromAuth0 is a function defined by you    let access_token = await getAccessTokenFromAuth0()
    if (access_token !== undefined) {
        // send a request to your migrate session endpoint with Auth0's access token        let response = await axios.post(`${apiDomain}/migrate-session`, {            body: {                access_token            }        })        if (response.data.status === "OK") {            // revoke users Auth0 session            // TODO: revokeAuth0Session is a function defined by you            await revokeAuth0Session()        }    }}

Backend Changes:#

  • Create a new API on your backend, this will be called by the frontend to migrate a user's Auth0 session:
Backend changes
import express from "express";import Session from "supertokens-node/recipe/session";import jsonWebToken from "jsonwebtoken";
let app = express();
app.post("/migrate-session", async (req, res) => {
    //extract auth0 access_token from request    let access_token = req.body.access_token
    // Decode the users access token and retrive their userId    let auth0UserId = jsonWebToken.decode(access_token)!.sub
    // create a new SuperTokens session using the Auth0 userId    // the createNewSession function will attach the SuperTokens session cookies to the response object.    await Session.createNewSession(res, auth0UserId)    res.send({        status: "OK"    })})