Skip to main content

Update Access Token Payload

Method 1) After session verification#

import express from "express";import { verifySession } from "supertokens-node/recipe/session/framework/express";import { SessionRequest } from "supertokens-node/framework/express";
let app = express();"/updateinfo", verifySession(), async (req: SessionRequest, res) => {
    let session = req.session;
    await session!.mergeIntoAccessTokenPayload(        { newKey: "newValue" }    );
    res.json({ message: "successfully updated access token payload" })});
  • We first require session verification in order to get the session object
  • Using that object, we call the mergeIntoAccessTokenPayload with new content. This merges the update into the existing object, removing keys set to null in the root of the update object.
  • The result is that the access token is updated in the user's browser cookies. The change is instantly visible on the frontend and the subsequent backend API calls.

Method 2) Without session verification#


Changes to the access token payload via this method are reflected in the session only once the session is refreshed. So use method (1) whenever possible.

import Session from "supertokens-node/recipe/session";
async function updateAccessTokenPayload() {      let userId = "...";      // we first get all the sessionHandles (string[]) for a user      let sessionHandles = await Session.getAllSessionHandlesForUser(userId);
      // we update all the session's Access Token payloads for this user      sessionHandles.forEach(async (handle) => {            let currSessionInfo = await Session.getSessionInformation(handle);            if (currSessionInfo === undefined) {                  return;            }
            await Session.mergeIntoAccessTokenPayload(handle,                  { newKey: "newValue" }            );      })}
What type of UI do you want to use?
Custom UI
Pre built UI