Is there a way to get the client session token after using the ThirdPartyEmailPassword.emailPasswordSignIn method ? this way i can return it to clients so they can use it next time for other requests ?

Ah sorry for the thread thingy i thoughts the threads were only for like you and me like a support ticket.

ThirdPartyEmailPassword.emailPasswordSignIn -> is this being called from the frontend or backend?

backend

The answer is that you can do this by calling the Session.createNewSession function, giving it the user ID returned by emailPasswordSignIn.

Wow

Or, you can use the JWT recipe to create a new JWT with the user ID and return that JWT (this would be the recommended method if you are not using our frontend SDK). The createJWT function takes an expiry.

Oh, perfect, and then i suppose when i create a new jwt the older ones of this user expires ?

no, they don't.

Okay, i guess i can revoke them on the backend then ?

Well.. not unless you store them in a db somewhere and check against that

but if the jwt can be used to make requests while making the server know i'm loggedin basically, the server must know it no ? Or maybe i'm totally wrong

No. JWTs are stateless. Read up on them. But as a hack, what you can do is that use our metadata recipe to store the issued tokens against the userId. Then in your APIs, post jwt verification, fetch the metadata for the user, and check if the token exists in that or not. Whenever you create a new JWT, add that to the user's metadata and also remove older, expired JWTs from that metadata object.

Okay, thanks a lot 🙂 Thanks for the fast response. Keep up the awesome work.