https://supertokens.com/ logo
getting access token manually
r

rp

04/03/2023, 2:42 PM
Is there a way to get the client session token after using the ThirdPartyEmailPassword.emailPasswordSignIn method ? this way i can return it to clients so they can use it next time for other requests ?
hey @TeK here is the question you had asked.
t

TeK

04/03/2023, 2:43 PM
Ah sorry for the thread thingy i thoughts the threads were only for like you and me like a support ticket.
r

rp

04/03/2023, 2:44 PM
ThirdPartyEmailPassword.emailPasswordSignIn -> is this being called from the frontend or backend?
t

TeK

04/03/2023, 2:44 PM
backend
i have no frontend
r

rp

04/03/2023, 2:44 PM
The answer is that you can do this by calling the Session.createNewSession function, giving it the user ID returned by emailPasswordSignIn.
t

TeK

04/03/2023, 2:44 PM
Wow
That's incredible, how do i then manage the expiry etc?
r

rp

04/03/2023, 2:45 PM
Or, you can use the JWT recipe to create a new JWT with the user ID and return that JWT (this would be the recommended method if you are not using our frontend SDK). The createJWT function takes an expiry.
t

TeK

04/03/2023, 2:45 PM
Oh, perfect, and then i suppose when i create a new jwt the older ones of this user expires ?
r

rp

04/03/2023, 2:46 PM
no, they don't.
JWTs expire only when their expiry time has passwed.
t

TeK

04/03/2023, 2:46 PM
Okay, i guess i can revoke them on the backend then ?
r

rp

04/03/2023, 2:47 PM
Well.. not unless you store them in a db somewhere and check against that
t

TeK

04/03/2023, 2:48 PM
but if the jwt can be used to make requests while making the server know i'm loggedin basically, the server must know it no ? Or maybe i'm totally wrong
r

rp

04/03/2023, 2:49 PM
No. JWTs are stateless. Read up on them. But as a hack, what you can do is that use our metadata recipe to store the issued tokens against the userId. Then in your APIs, post jwt verification, fetch the metadata for the user, and check if the token exists in that or not. Whenever you create a new JWT, add that to the user's metadata and also remove older, expired JWTs from that metadata object.
t

TeK

04/03/2023, 2:50 PM
Okay, thanks a lot 🙂 Thanks for the fast response. Keep up the awesome work.