
Adding custom claims to the JWT


Using JWTs is optional. It is only required if you want to integrate with another service that relies on JWTs, or with a backend framework that we do not support yet.

JWTs are exposed to the frontend, so they should not be used to store sensitive information.

Adding your own claims

When using the JWT feature you can add custom claims to the JWT by using our override feature.

let SuperTokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");

SuperTokens.init({
    supertokens: {...},
    appInfo: {...},
    recipeList: [
        Session.init({
            jwt: {
                enable: true,
            },
            override: {
                functions: function (originalImplementation) {
                    return {
                        ...originalImplementation,
                        createNewSession: async function (input) {
                            // Keep the existing payload and add the custom claim to it
                            input.accessTokenPayload = {
                                ...input.accessTokenPayload,
                                role: "user",
                            };

                            // Hand the modified input to the original implementation
                            return originalImplementation.createNewSession(input);
                        },
                    };
                }
            },
        })
    ]
});

The above example would add a role claim to the JWT.

Claims added by SuperTokens

SuperTokens adds some claims to JWT payloads:

  • sub: The userId is stored in this claim.
  • iss: The issuer URL is stored under this claim. Read more here for information on what the default value is and how to configure it.
  • exp: The time since epoch (in seconds) after which the JWT is considered expired.
  • iat: The time since epoch (in seconds) when the JWT was created.
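
The following is an added example, not code from SuperTokens: it shows that the claims listed above, plus the custom role claim, can be read from a token without any key, and the checks a consuming service applies (signature, iss, exp) before it trusts role. It assumes RS256 signing; the key pair, issuer URL, user id and all helper names are constructed for illustration.

```javascript
const crypto = require("crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const fromB64url = (s) => Buffer.from(s, "base64url").toString("utf8");

// Constructed stand-in for the issuer: signs a payload as an RS256 JWT.
function signJwt(payload, privateKey) {
  const head = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.sign("sha256", Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${sig.toString("base64url")}`;
}

// No key is needed to read the claims: the payload is only base64url-encoded.
function readClaims(token) {
  return JSON.parse(fromB64url(token.split(".")[1]));
}

// Checks a consuming service makes before it trusts `role`.
function verifyJwt(token, publicKey, expectedIss, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  if (JSON.parse(fromB64url(head)).alg !== "RS256") throw new Error("unexpected alg");
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify("sha256", signed, publicKey, Buffer.from(sig, "base64url"))) {
    throw new Error("bad signature");
  }
  const claims = JSON.parse(fromB64url(body));
  if (claims.iss !== expectedIss) throw new Error("unexpected issuer");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("token expired");
  return claims;
}

// Same token with `role` edited and the original signature kept.
function withRole(token, role) {
  const [head, , sig] = token.split(".");
  return `${head}.${b64url(JSON.stringify({ ...readClaims(token), role }))}.${sig}`;
}

// Constructed sample data: local key pair, issuer URL and user id are made up.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const ISS = "https://api.example.com/auth";
const now = Math.floor(Date.now() / 1000);
const token = signJwt({ sub: "user-123", iss: ISS, iat: now, exp: now + 3600, role: "user" }, privateKey);

console.log(readClaims(token).role, verifyJwt(token, publicKey, ISS).sub);
```

A token whose role claim has been edited still decodes with readClaims, but verifyJwt rejects it, which is why authorization decisions belong after verification and never on the decoded payload alone.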