It will. But ideally you don’t want to do that as getSession sometimes modifies cookies

In your framework, how do you set headers in an API?

it looks like it exposes a

setHeader(name: string, value?: string | string[]): void

Got it. So you could add support for tsoa by implementing a few wrappers / interfaces. Examples of other frameworks are here: https://github.com/supertokens/supertokens-node/blob/master/lib/ts/framework - Implement the

BaseRequest

class for it - Implement the

BaseResponse

class for it. - Wrap the supertokens.middleware provided by us with a middleware that works as per tsoa (if needed). - Wrap the verifySession and errorHandler middlewares with something that works with tsoa (if needed).

As I see, there are docs for express in tsoa: https://tsoa-community.github.io/docs/getting-started.html#creating-our-express-server Can you use that?

yea but the routes are generated code. I wanted to add the authentication required to a specific route

I create the express server like that

I see. So you want to add a global auth middleware?

which sets some properties in the

req

object in case a user exists?

I think that's probably a fine idea, then the check in the specific route handler just needs to check if the prop was set on req

Yea. So you can do something like this:

js
import express from "express";
import bodyParser from "body-parser";
import { RegisterRoutes } from "../build/routes";
import supertokens from "supertokens-node";
import session from "supertokens-node/recipe/session";

export const app = express();

// Use body parser to read sent json payloads
app.use(
  bodyParser.urlencoded({
    extended: true,
  })
);
app.use(bodyParser.json());

// exposes all the auth routes for the frontend to consume
app.use(supertokens.middleware());

// global session verification
app.use(session.verifySession({sessionRequired: false}), (req, res) => {
  if (req.session === undefined) {
    // no session exists
  } else {
    // session exists
    let userId = req.session.getUserId();
    // TODO: attach this userId to the request object and consume it later in your APIs?
  }
})

RegisterRoutes(app);

yea exactly, you were quicker than me 😛

haha.. to be fair, I am very familiar with how supertokens works.. so.

Lmk if this approach works for you. If not, we can brainstorm another approach

haha 👍 thanks

yup everything worked, there was a minor issue in the middleware missing the next function

i dont have a frontend yet so just testing with postman

Ah fair.

I noticed the

​/{apiBasePath}​/user​/email​/verify​/token

endpoint expects that the front end calls this, and a second email was still sent if the user didn't verify on the first. I assume Its up to the consumer of your packages to ensure that there is either rate limiting or captch to prevent email spam/abuse

Yes.

We don't have rate limiting as of yet. It's something we plan on adding eventually though

So I have my own user object in my database with some additional fields. What I've done is I've added a supertoken_id field so I can keep my user data separate and just use supertokens for auth. I have hooked into the post-auth and I just retrieve the user data I need there. Is there a way to override the user object with some custom fields, or should I just add this data into the JWT payload instead?

You mean you want to override the user object we provide to have some custom fields? If that's what you mean, then no, there isn't a way of doing that. You can: 1) Store the custom fields against the supertokens_id in your own db and fetch that whenever needed. 2) As you mentioned, store those custom fields in the JWT payload when a session is created and extract them from the session when needed. I would go with method (1) if the custom fields are retrieved rarely, whereas go with option (2) if those fields should be accessible from the frontend

||

need to be accessed very frequently.

@User i have pushed a fix for the config change we spoke about yesterday. I recommend that you upgrade to v0.0.5 and do

session.Init(nil)

again and see if it works 🙂

Awesome, thanks! Gonna get that working then try to implement some custom providers 🙂

cool!

If you do impl custom providers, consider opening a PR for it in the go repo 🙂

Hello ! I have some issues with supertokens-python with Flask. First, it’s seems to not works correctly with Gunicorn, I set the Middleware on the Flask app because I need set cookies. After some update on supertokens-python (not really proper) I’m able to create a session with cookies correctly set. But now I don’t understand how I should retrieve the session on the route handler decorated with verify_session. Do you know how I can get it ?

Hey @User , the release of supertokens-python sdk is currently in pipeline and will be released today or tomorrow. Meanwhile, you can check out branch 0.1 of supertokens-python. You can have a look at this file: https://github.com/supertokens/supertokens-python/blob/0.1/tests/auth-react/flask/app.py to see how supertokens-python can be used with flask