Do you support a feature where I can revoke the se...
# support-questions-legacyu
undesiredmonk
04/07/2023, 8:28 AMDo you support a feature where I can revoke the session for the user by checking a flag? When the user logs in I check for certain flags and don't create their session at all.
Copy code
Session.init({
override: {
functions: (originalImplementation) => {
return {
...originalImplementation,
createNewSession: async function (input) {
const userInfo = await ThirdPartyEmailPassword.getUserById(
input.userId
);
const userProfile = getUserProfile(userInfo.id);
if (!userProfile.disabledTemporarily) {
return originalImplementation.createNewSession(input);
}
}
}
}
}
})r
rp_st
04/07/2023, 8:33 AMhey @undesiredmonk if the flag is not set, you can return an empty session this way:
Copy code
ts
session = {
getUserId: () => undefined,
getJWTPayload: () => undefined,
revoke: async () => undefined,
updateJWTPayload: async () => undefined,
getHandle: () => undefined,
getAccessTokenLifeTimeMS: () => undefined,
getRefreshTokenLifeTimeMS: () => undefined,
getIDTokenLifeTimeMS: () => undefined,
getAntiCsrfToken: () => undefined,
getIDRefreshToken: () => undefined,
updateAntiCsrfToken: async () => undefined,
updateIDRefreshToken: async () => undefined,
revokeAllSessionsForUser: async () => undefined,
revokeMultipleSessions: async () => undefined,
revokeSession: async () => undefined,
createNewSession: async () => undefined,
};u
undesiredmonk
04/07/2023, 8:38 AMI'm adding this logic in session recipe config. How can I do it
thirdPartySignInUpPOSTr
rp_st
04/07/2023, 8:39 AMthe session recipe config is the right place for this logic
rp_st
04/07/2023, 8:39 AMcause the createNewSession function is called from the sign in / up APIs from the other recipe.
u
undesiredmonk
04/07/2023, 8:41 AMreturning
undefinedcreateNewSessionType 'undefined' is not assignable to type 'SessionContainerInterface'r
rp_st
04/07/2023, 8:41 AMyou don;t return undefined. Return an empty session object like i showed you above
rp_st
04/07/2023, 8:43 AMthe type of the above may not be 100% correct, but that TS will tell you anyway
rp_st
04/07/2023, 8:45 AMIn this link, if you scroll down a bit, you will see the code snippet for how an empty session can be returned: https://supertokens.com/docs/thirdpartyemailpassword/advanced-customizations/user-context#how-does-it-work
rp_st
04/07/2023, 8:46 AM Copy code
ts
createNewSession: async function (input) {
if (input.userContext.isSignUp) {
/**
* The execution will come here only in case
* a sign up API is calling this function. This is because
* only then will the input.userContext.isSignUp === true
* (see above code).
*/
return {
getAccessToken: () => "",
getAccessTokenPayload: () => null,
getExpiry: async () => -1,
getHandle: () => "",
getSessionData: async () => null,
getTimeCreated: async () => -1,
getUserId: () => "",
revokeSession: async () => { },
updateAccessTokenPayload: async () => { },
updateSessionData: async () => { },
mergeIntoAccessTokenPayload: async () => { },
assertClaims: async () => { },
fetchAndSetClaim: async () => { },
getClaimValue: async () => undefined,
setClaimValue: async () => { },
removeClaim: async () => { },
}; // this is an empty session. It won't result in a session being created for the user.
}
return originalImplementation.createNewSession(input);
}
}
}
}u
undesiredmonk
04/07/2023, 8:46 AMThanks I'll try and get back to you.
3 Views