Completely solved the issue. Let me know where I can drop you a few bucks, you absolutely rock

Im glad it worked :)) If you'd like, you can tweet about us! And tag @supertokensio twitter account!

Hello, so I was looking at securing a backend API, but my question Is how can I prevent access to certain API endpoints for certain users. For example just say I have a user, and they are an Admin, how can I ensure only Admins can access that API endpoint?

1) When you create a new session, you need to add some metadata to the access token (like:

{role: "admin}

2) Post session verification, you can get the role from the access token, and check if it's

"admin"

. If it's not, then you can throw an error to the frontend.

Thank you, where can I find info on metadata?

which recipe are you using?

Email, and oAuth

1) https://supertokens.io/docs/thirdpartyemailpassword/common-customizations/user-roles/assigning-session-roles 2) https://supertokens.io/docs/thirdpartyemailpassword/common-customizations/user-roles/reading-role-in-api

Thank you

Can SuperToken be initialized inside Main component scope?

const App = (storeData) => {

let reduxStore;

// update store based on SuperToken events
SuperTokens.init()

}

Im asking just to be certain, it throws me an error that SuperToken is not initialized when i land on my login form.Form is rendered inside main App component of course.

It should be initialised in the global scope.

Basically, before calling any other function related to supertokens.

is there any way to apply dynamic handlers for events?

i would love to have my redux store with current user status etc

You could hold a refrrence to your redux store in the global scope and dispatch events to it from our functions

If I misunderstood your question, perhaps some code for what you are trying to do would help.

I dont think its possible in my case due to store initialization inside main component. If im not mistaken i was forced to do so because of Server Side Rendering.

Hmmm. You can have a check if this is in the client or server side by doing if (typeof window !== “undefined”)

I guess you are right, but i will try to use

EmailPasswordSignUpForm

and

EmailPasswordSignInForm

component. Seems like easier thing to do in my case.I will check if session exists on my main component and update store when user lands on my website.

Thanks for support!

Sounds good! Feel free to ask any more questions 🙂

Hello again, I have one more question, is Supertokens 100% compatiable with GraphQL, and can I access all the features as normal, especially roles?

Yea. It is 100% compatible with graphql. We even have a guide for it.

Thanks!

Hey @User, I am trying to connect my backend to the supertokens core, but I get an error when I try to log in

What’s the version of the core on the dashboard on supertokens.io? And what node SDK version are you using?

I see that the versions aren't compatible, but is there a way to update the core on the dashboard?

We can do that for you

Ah ok, I think it'll be easier for me to find a version that works with each other :)

Okay! That’s works too. If you want us to update the core, lmk 🙂