https://supertokens.com/ logo
disable creation of a session
u

undesiredmonk

04/07/2023, 8:28 AM
Do you support a feature where I can revoke the session for the user by checking a flag? When the user logs in I check for certain flags and don't create their session at all?
r

rp

04/07/2023, 8:33 AM
hey @undesiredmonk if the flag is not set, you can return an empty session this way:
ts
session = {
                getUserId: () => undefined,
                getJWTPayload: () => undefined,
                revoke: async () => undefined,
                updateJWTPayload: async () => undefined,
                getHandle: () => undefined,
                getAccessTokenLifeTimeMS: () => undefined,
                getRefreshTokenLifeTimeMS: () => undefined,
                getIDTokenLifeTimeMS: () => undefined,
                getAntiCsrfToken: () => undefined,
                getIDRefreshToken: () => undefined,
                updateAntiCsrfToken: async () => undefined,
                updateIDRefreshToken: async () => undefined,
                revokeAllSessionsForUser: async () => undefined,
                revokeMultipleSessions: async () => undefined,
                revokeSession: async () => undefined,
                createNewSession: async () => undefined,
            };
And this won't really create a session on the frontend.
u

undesiredmonk

04/07/2023, 8:38 AM
I'm adding this logic in session recipe config. How can I do it
thirdPartySignInUpPOST
r

rp

04/07/2023, 8:39 AM
the session recipe config is the right place for this logic
cause the createNewSession function is called from the sign in / up APIs from the other recipe.
u

undesiredmonk

04/07/2023, 8:41 AM
returning
undefined
from
createNewSession
throws
Type 'undefined' is not assignable to type 'SessionContainerInterface'
r

rp

04/07/2023, 8:41 AM
you don;t return undefined. Return an empty session object like i showed you above
the type of the above may not be 100% correct, but that TS will tell you anyway
In this link, if you scroll down a bit, you will see the code snippet for how an empty session can be returned: https://supertokens.com/docs/thirdpartyemailpassword/advanced-customizations/user-context#how-does-it-work
ts
createNewSession: async function (input) {
                            if (input.userContext.isSignUp) {
                                /**
                                 * The execution will come here only in case
                                 * a sign up API is calling this function. This is because
                                 * only then will the input.userContext.isSignUp === true
                                 * (see above code).
                                 */
                                return {
                                    getAccessToken: () => "",
                                    getAccessTokenPayload: () => null,
                                    getExpiry: async () => -1,
                                    getHandle: () => "",
                                    getSessionData: async () => null,
                                    getTimeCreated: async () => -1,
                                    getUserId: () => "",
                                    revokeSession: async () => { },
                                    updateAccessTokenPayload: async () => { },
                                    updateSessionData: async () => { },
                                    mergeIntoAccessTokenPayload: async () => { },
                                    assertClaims: async () => { },
                                    fetchAndSetClaim: async () => { },
                                    getClaimValue: async () => undefined,
                                    setClaimValue: async () => { },
                                    removeClaim: async () => { },
                                }; // this is an empty session. It won't result in a session being created for the user.
                            }
                            return originalImplementation.createNewSession(input);
                        }
                    }
                }
            }
u

undesiredmonk

04/07/2023, 8:46 AM
Thanks I'll try and get back to you.