603466164219281420 #general

hey! anyone can point me in the right direction regarding a supertokens JWT validation(or even decode)? I know I can just split the 3 parts and do a base64decode on the payload but I would try to avoid it, even though I am using the

verifySession

middleware one level higher. jwt.io correctly decodes everything but

jsonwebtokens

decode always returns null. I have enabled the JWT recipe so I have the jwk endpoint available but I don't know what to do with that data/if I need it. Thanks!

12/20/2021, 2:41 PM

Hi @User if you are using

verifySession

, you don't need to verify the access token yourself manually.

12/20/2021, 2:42 PM

May I ask your use case exactly? So I can point you to the right resource.

legolas8911

12/20/2021, 2:58 PM

@User I am doing that, but on a higher level. I have an GQL Federation server (which also exposes the supertokens apis, so I have access to

verifySession

) but then I'm passing the JWT forward to the federated GQL servers and I would like to validate the token there as well for an added layer of security. Since it's a different lambda function I can't use

verifySession

. I thought maybe it's possible to decode/validate the JWT on the federated service by using the

jwt/jwk.json

GET request or something, but JWKs are a big unknown to me

12/20/2021, 3:00 PM

Ahh I see. So the access token we issue isn't a JWT. It's a signed cookie, but not a JWT. So don't treat it as such

12/20/2021, 3:01 PM

If you want a JWT, then you should use the feature we released today: https://supertokens.io/docs/thirdpartyemailpassword/common-customizations/sessions/with-jwt/enabling-jwts. With this, you can extract a JWT from the session and then verify that using any standard JWT verification method.

12/20/2021, 3:01 PM

(you will need to upgrade the backend lib to the latest version though)

12/20/2021, 3:02 PM

And, you don't need to initialise the JWT recipe, as when you pass

enable: true,

to the session recipe, it internally initialises the JWT recipe.

legolas8911

12/20/2021, 3:06 PM

heh, funny thing is that jwt.io is able to properly decode it and it doesn't complain. jsonwebtoken and jose all return null, that's what got me into this rabbit hole 😄

legolas8911

12/20/2021, 3:07 PM

will do, thanks!

legolas8911

12/20/2021, 3:08 PM

hmm, strange, the

jwt/jwk.json

GET was not available until I enabled the JWT recipe, even though I have Session already. L.E. oh, I think you;re referring to the newly released feature, nevermind

12/20/2021, 3:15 PM

Yea. Haha.

legolas8911

12/20/2021, 3:17 PM

@User what version are you referring to? 8.3.0? this is the latest released and TS complains about the

enable: true

. I see some commits that might reference some work about this feature in the 8.4 branch but that hasn't been released

12/20/2021, 3:18 PM

8.3.0 is the correct version

12/20/2021, 3:18 PM

Can I see your config please?

12/20/2021, 3:19 PM

Cause the following works for me:

Copy code

ts
Session.init({
    jwt: {
        enable: true,
    },
});

legolas8911

12/20/2021, 3:20 PM

Copy code

return {
        framework: 'express' as const,
        supertokens: {
            connectionURI: process.env.SUPERTOKENS_CONNECTION_URI as string,
            apiKey: process.env.SUPERTOKENS_API_KEY as string,
        },
        appInfo: {
            appName: 'xxx',
            apiDomain: process.env.API_DOMAIN as string,
            websiteDomain: 'https://www.xxx.io',
        },
        recipeList: [
            ThirdPartyEmailPassword.init({
                providers: [
                    Github({
                        clientId: 'xxx',
                        clientSecret: 'xxx',
                        scope: ['read:user', 'user:email', 'repo'],
                    }),
                ],
            }),
            Session.init({
                cookieDomain: '.xxx.io',
                cookieSameSite: 'none',
                jwt: {
                    enable: true,
                },
            }),
            JWT.init(),
        ],
        isInServerlessEnv: true,
    };

legolas8911

12/20/2021, 3:20 PM

forgot to remove the jwt.init, removed it now

legolas8911

12/20/2021, 3:20 PM

Copy code

Argument of type '{ cookieDomain: string; cookieSameSite: "none"; jwt: { enable: boolean; }; }' is not assignable to parameter of type 'TypeInput'.
  Object literal may only specify known properties, and 'jwt' does not exist in type 'TypeInput'.ts(2345)

12/20/2021, 3:21 PM

Strange.. Can you try restarting your editor?

legolas8911

12/20/2021, 3:22 PM

that was it! thanks!

12/20/2021, 3:22 PM

great!

user

12/22/2021, 2:05 PM

Hello, I'm wondering if Supertokens support SAML idps?

12/22/2021, 2:07 PM

Hey. We don’t directly. But you can use another integration like ossoapp to integrate with SAML and then thirdparty recipe to integrate that with supertokens.

user

12/22/2021, 2:10 PM

Thanks!

Killian

12/23/2021, 2:06 AM

Hello, can Supertokens be used with React Native (Expo)?

12/23/2021, 4:48 AM

@User yea, our RN SDK will work with expo

Killian

12/24/2021, 5:31 AM

Ah cool, does it also support login with apple and Google?

12/24/2021, 5:31 AM

Yea it does. But it's a little bit complex to setup since we don't have helper functions (yet), nor docs. We can get on a call to implement it though