
Enable JWTs with sessions

caution

Using JWTs is optional. It is only required if you want to integrate with another service that relies on JWTs, or with a backend framework that we do not support yet.

When using this feature, you do not need to create and maintain your own JWT signing keys; SuperTokens generates them for you. Currently, only RSA-based signing algorithms are supported.

Enable JWT feature

let SuperTokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");

SuperTokens.init({
    supertokens: {...},
    appInfo: {...},
    recipeList: [
        Session.init({
            jwt: {
                enable: true,
            },
        })
    ]
});

Using a custom issuer

By default, SuperTokens uses your {apiDomain}/auth as the issuer URL. To change the path, provide appInfo.apiBasePath when initialising SuperTokens.

In some cases you may need to provide a custom issuer. For example, during development you may need to test with external services (like Hasura Cloud). Since the JWKS endpoint is exposed via your backend, JWT verification will fail because the service may not be able to query your local environment (localhost, 127.0.0.1). You can expose your local environment to the internet (using ngrok, for example) and set a custom issuer URL instead:

let SuperTokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");

SuperTokens.init({
    supertokens: {...},
    appInfo: {...},
    recipeList: [
        Session.init({
            jwt: {
                enable: true,
                /*
                 * This is an example of a URL that ngrok generates when
                 * you expose localhost to the internet
                 */
                issuer: "https://0d53-2405-201-e-d8bd-587b-3674-124d-4208.ngrok.io/auth",
            },
        })
    ]
});

important

Custom issuer URLs must end with your apiBasePath, which is /auth by default.
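
The checks a consuming service should apply to these tokens, as an added example that is not SuperTokens code: it pins the signing algorithm, looks up the key in the JWKS, and requires the iss claim to match the configured issuer exactly. RS256, the kid lookup, the example.com issuer and the locally generated key pair (standing in for a fetched JWKS) are assumptions made for the demonstration.

```javascript
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const fromB64url = (s) => Buffer.from(s, "base64url");

// Constructed helper: signs a token with RS256, standing in for the issuer.
function signJwt(header, payload, privateKey) {
    const input = b64url(JSON.stringify(header)) + "." + b64url(JSON.stringify(payload));
    return input + "." + b64url(crypto.sign("RSA-SHA256", Buffer.from(input), privateKey));
}

// Verifies a JWT against a JWKS key list and the issuer this service expects.
function verifyJwt(token, jwks, expectedIssuer, now = Math.floor(Date.now() / 1000)) {
    const parts = token.split(".");
    if (parts.length !== 3) throw new Error("malformed token");
    const header = JSON.parse(fromB64url(parts[0]).toString("utf8"));
    // Pin the algorithm (RS256 is an assumption); never trust the header's choice.
    if (header.alg !== "RS256") throw new Error("unexpected alg");
    const jwk = jwks.find((k) => k.kty === "RSA" && k.kid === header.kid);
    if (!jwk) throw new Error("unknown kid");
    // Import only the public components of the JWK.
    const key = crypto.createPublicKey({ key: { kty: "RSA", n: jwk.n, e: jwk.e }, format: "jwk" });
    const signed = Buffer.from(parts[0] + "." + parts[1]);
    if (!crypto.verify("RSA-SHA256", signed, key, fromB64url(parts[2]))) {
        throw new Error("bad signature");
    }
    const payload = JSON.parse(fromB64url(parts[1]).toString("utf8"));
    // The iss claim must equal the configured issuer exactly, apiBasePath included.
    if (payload.iss !== expectedIssuer) throw new Error("issuer mismatch");
    if (typeof payload.exp !== "number" || payload.exp <= now) throw new Error("token expired");
    return payload;
}

// Constructed sample data: a local key pair and issuer URL, not real values.
const ISSUER = "https://api.example.com/auth";
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const JWKS = [{ ...publicKey.export({ format: "jwk" }), kid: "demo-key" }];
const exp = Math.floor(Date.now() / 1000) + 300;
const token = signJwt({ alg: "RS256", kid: "demo-key" }, { sub: "user-1", iss: ISSUER, exp }, privateKey);

console.log(verifyJwt(token, JWKS, ISSUER).sub);
```

A verifier configured with a localhost issuer rejects a token minted under the public issuer URL, which is why the issuer setting and the URL the external service queries have to agree.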