https://supertokens.com/ logo
Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Powered by
even for refreshing
r

Random

04/12/2023, 5:35 PM
Is it possible to subscribe to events such as refreshing a token on the frontend sdk? The use case is mostly around having a reactive state so that consumers could always use the latest JWT
r

rp

04/12/2023, 5:37 PM
hey @Random When you call session.getAccessTokenPayloadSecurely() on the frontend, it will auto refresh is needed, so you don't really need to do this. But in case you still want to, we do fire events for this: https://supertokens.com/docs/session/advanced-customizations/frontend-hooks/handle-event
import Session from "supertokens-auth-react/recipe/session";

Session.init({
    onHandleEvent: (context) => {
        if (context.action === "SIGN_OUT") {
            // called when the user clicks on sign out
        } else if (context.action === "REFRESH_SESSION") {
            // called with refreshing a session
            // NOTE: This is an undeterministic event
        } else if (context.action === "UNAUTHORISED") {
            // called when the user doesn't have a valid session but made a request that requires one
            // NOTE: This event can fire multiple times

            if (context.sessionExpiredOrRevoked) {
                // the sessionExpiredOrRevoked property is set to true if the current call cleared the session from storage
                // this happens only once, even if multiple tabs sharing the same session are open, making it useful for analytics purposes
            }
        } else if (context.action === "SESSION_CREATED") {
            // Called when session is created - post login / sign up.
        } else if (context.action === "ACCESS_TOKEN_PAYLOAD_UPDATED") {
            // This is called when the access token payload has been updated
        }
    }
})
r

Random

04/12/2023, 5:40 PM
Thanks for the response. Using 
session.getAccessTokenPayloadSecurely()
works as intended but if the token is refreshed and we need to update the websocket authentication header, it will not know as there's no dependency that has changed. I think using the event system that you've posted might be useful as i might be able to update everything that depends upon the last jwt (the idea is just to provide awareness even though the components might invoke 
session.getAccessTokenPayloadSecurely()
)
r

rp

04/12/2023, 5:41 PM
fair enough.
r

Random

04/17/2023, 7:36 PM
@rp I'm sorry for pinging you directly, i'm getting back on this topic as i've been playing around with the event handler API. Is there a way for the payload contents to actually include the "new" token instead of manually invoke 
Session.getAccessTokenPayloadSecurely
?
r

rp

04/18/2023, 6:20 AM
i don't quite understand. When you call 
Session.getAccessTokenPayloadSecurely()
, it will refresh the session if required and add the latest jwt into it.
r

Random

04/18/2023, 12:22 PM
Right now the action payload does not bring the latest token once its refreshed/created, all i was asking is if there's a way for me not to have to invoke 
Session.getAccessTokenPayloadSecurely()
as what i can about is the JWT to forward to websockets/apollo client. There's no reactive state with the default Session recipe. Let's say you have a websocket connection and at some point you're JWT expired and goes into the refresh flow. The websocket exchange will fail if it doesn't get the latest JWT which i can get from 
Session.getAccessTokenPayloadSecurely()
but i've seen sometimes refresh happening right after the session is created 🤔
r

rp

04/18/2023, 12:31 PM
so ideally, you should always call 
await Session.getAccessTokenPayloadSecurely()
when adding the JWT to the socket event. Always. > but i've seen sometimes refresh happening right after the session is created This is odd, and shouldn't happen. How can we reproduce this?
r

Random

04/18/2023, 1:07 PM
@rp I was just double checking if there was a way to have a reactive jwt as if you construct your websocket and pass the Authorization Bearer, you'll be able to have a stale jwt. I think what i'm trying to say is we need a "signal" which is the event handler so that the websocket/apollo factory can actually invoke 
Session.getAccessTokenPayloadSecurely()
. If you had to construct a React component that creates an apollo client, how would you guarantee that the token is always up-to-date? 🤔 (not even bringing the possibility of memoization as it would require having jwt as a dependency)
I'll try to explain myself better, the problem statement would be: Given a React component that has an expensive provider which requires as a dependency the "JWT", how can we guarantee that after the refresh/sign out the token will be reflected automatically to that consumer?
The current solution that i have is having a global store (zustand store) that is always up-to-sync with the Session event handler, so if you sign out or update the token it will reflect to that global store resulting in a reactive state
r

rp

04/18/2023, 1:23 PM
you need to call 
await Session.getAccessTokenPayloadSecurely()
, and that's really the only way to guarantee.
r

Random

04/18/2023, 1:24 PM
If you build a react hook/memo and invoke that method, it will end up stale if the token is refreshed, i'm i not correct? The result value is not an reactive state, it's just a promise result that once its memoized, it's memoized
If you prefer i can build up a quick GH repo and demo the JWT being stale just invoking 
Session.getAccessTokenPayloadSecurely()
in a dumb react component, you'll see that once the refresh flow/sign ou kicks in, the initial hydrated state that i was able to get using that Session method will never be in sync
r

rp

04/18/2023, 1:25 PM
yea, that's correct. I know what you mean
therefore, you should call 
await Session.getAccessTokenPayloadSecurely()
as late as possible - when you are making the network request.
r

Random

04/18/2023, 1:27 PM
How would you do that in a websocket initial handshake unless the client is not either re-built (e.g: using memo) or exposes some event handler to exchange? 🤔
Btw my solution works as we end up having JWT being a reactive state but the request here is whether its possible on events such as 
SESSION_CREATED
having the JWT/payload included
r

rp

04/18/2023, 1:30 PM
> How would you do that in a websocket initial handshake Can i see code related to this?
r

Random

04/18/2023, 1:47 PM
Sure, once i can i'll try to create a repo and share with you
r

rp

04/18/2023, 1:51 PM
thanks!
#support-questionsJoin Discord
Powered by