verifySession throwing an error
# support-questions
m
I am using the supertokens middleware in our backend; and seeing this error. Is it something that I should handle? {"type":"SessionError","message":"Failed to verify access token","stack":"Error: Failed to verify access token at Object. (/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/accessToken.js:89:19) at Generator.next () at /usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/accessToken.js:44:75 at new Promise () at __awaiter (/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/accessToken.js:26:16) at Object.getInfoFromAccessToken (/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/accessToken.js:57:12) at Object. (/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/sessionFunctions.js:105:55) at Generator.next () at fulfilled (/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/sessionFunctions.js:15:36) at process.processTicksAndRejections (node:internal/process/task_queues:95:5)","errMagic":"ndskajfasndlfkj435234krjdsa","fromRecipe":"session","isBoom":true,"isServer":true,"data":null,"output":{"statusCode":500,"payload":{"status":500,"error":"Internal Server Error","message":"An internal server error occurred","code":"UNKNOWN","data":null},"headers":{}}},"msg":"Failed to verify access token"}
r
Is it causing a 500 error to be thrown from your api?
also, which version of the python SDK are you using?
m
Yes, it's causing a 500 error to be thrown; we are using "supertokens-node": "^13.1.2". Our backend framework is hapi (nodejs) and we are using the verifySession() middleware.
r
Right. Let me have a look
have you added the supertokens middleware to your app?
@kakashi_44 can help here.
m
Yes; it's not like it's always crashing. So the scenario where it crashes is when the user is successfully logged in; it interacts well with our APIs... all good. Now he leaves the browser open and comes back after 2-3 hours (probably the token expired by then); so our API is called, which has the verifySession middleware, which throws an error.
Btw @rp I am the espn-cricinfo guy
r
ah yea i know
it happens when the access token has expired
so instead of sending back a 401, it sends a 500 for some reason
have you added the supertokens middleware to your app?
m
Yes yes; added using supertokens.init. So all routes are working fine, including consumerOtp etc. So no issue with the middleware, I guess.
So regarding the 500, should we handle it? Or do you already know how to fix it, and should we upgrade the app version? What do you suggest?
r
So the middleware is supposed to catch this kind of error and send a 401 to the client.
i mean the supertokens plugin
m
This is my middleware code if it helps:

```ts
supertokens.init({
  framework: 'hapi',
  supertokens: {
    connectionURI: appConfig.game.supertoken.url,
    apiKey: 'our key',
  },
  appInfo: {
    // learn more about this on https://supertokens.com/docs/session/appinfo
    appName: 'ESPNCricinfo Games',
    apiDomain: appConfig.global.baseUrl,
    websiteDomain: appConfig.global.webBaseUrl,
    apiBasePath: '/v1/game/auth',
    websiteBasePath: '/game/auth',
  },
  recipeList: [
    Passwordless.init({
      flowType: 'USER_INPUT_CODE',
      contactMethod: 'PHONE',
      getCustomUserInputCode: (userContext): string => {
        return Math.floor(1000 + Math.random() * 9000).toString(); // to generate 4 digit codes
      },
      smsDelivery: {
        override: originalImplementation => {
          return {
            ...originalImplementation,
            sendSms: async input => {
              // my custom impl..
            },
          };
        },
      },
    }),
    Session.init({
      getTokenTransferMethod: () => 'header',
    }),
  ],
});
```
r
specifically, added
await server.register(plugin);
to your app
m
Yes added the plugin
I have not added ...supertokens.getAllCORSHeaders(). I have instead specifically exposed additionalExposedHeaders: [..., 'st-access-token', 'st-refresh-token'],
r
that's still ok
let me investigate on our side. Maybe it's a bug with the hapi framework integration that we have.
also, which version of hapi are you using?
m
Let me verify the plugin thing
I have enabled the plugin only for login routes, i.e. /signinup/code, /signinup/code/resend, /signinup/code/consume, /session/refresh, /signout
So for these, it's not giving any error. So which means your plugin handles such errors and sends 401 to the client, is it?
r
yes
so you need to enable the plugin for all routes.
m
You are awesome. Hope that fixes things.
Thank you
r
can you try and see if this works?
m
Sure, need to replicate the scenario in my local and then fix. I have another prod issue to fix before that. Shall I confirm this to you by 8pm?
r
yea sure.