Changing access token cookie path

vyobukhov

04/20/2023, 1:22 PM
node.js + koa: What is the proper way (if any) to not set the sAccessToken cookie but still have the refresh token cookie? Or maybe to just modify its path (now it's not configurable as far as I can see). Reason: we use API Gateway and a JWT token, but we still use the refresh endpoint with a cookie. So there is no need to send the access token cookie with every request everywhere except some endpoints. All the other API endpoints are handled by API Gateway and the JWT in the header.
P. S.: header-only is not that good since (as mentioned in the docs) we lose the refresh token httponly cookie

rp

04/20/2023, 1:25 PM
which backend framework are you using?

vyobukhov

04/20/2023, 1:25 PM
node

rp

04/20/2023, 1:26 PM
express?
or some other?

vyobukhov

04/20/2023, 1:26 PM
Sry, koa (added it to the question)

rp

04/20/2023, 1:31 PM
I think with koa, you can add your own middleware (which wraps all other middlewares and apis) this way: https://stackoverflow.com/questions/31828528/how-to-make-a-middleware-based-on-koa-which-is-used-for-intercept-http-response In your middleware, after yield next, you can get the response and manually modify the access token cookie's path to what you want
I'm not entirely sure if that works, cause if your API sends the response before it gives control back to your middleware, then it won't work

vyobukhov

04/20/2023, 1:33 PM
Thx, yeah, middleware was my initial option, but thought there is a way to do it with supertokens itself

rp

04/20/2023, 1:34 PM
actually the middleware approach probably won't work cause our middleware sends a response itself.
what you could do, is to create your own base response object like this: https://github.com/supertokens/supertokens-node/blob/master/lib/ts/framework/koa/framework.ts#L96 And then in the `setCookie` function, set the path you want if the `key` is `sAccessToken`. Then whenever you call getSession / verifySession, you can pass your custom implementation of the base response to it instead of passing the `ctx` directly. For the middleware, you can make your own middleware (copy this code here: https://github.com/supertokens/supertokens-node/blob/master/lib/ts/framework/koa/framework.ts#L179), and then change the `let response = new KoaResponse(ctx);` line to just wrap ctx with your custom `KoaResponse` impl.

vyobukhov

04/20/2023, 1:42 PM
thx! Will try

rp

04/20/2023, 1:43 PM
Finally, the last method could be to just fork our repo and make the change here: https://github.com/supertokens/supertokens-node/blob/master/lib/ts/recipe/session/cookieAndHeaders.ts#L170

vyobukhov

04/20/2023, 1:44 PM
I can prepare PR with adding this option to the config file if you are ok with it

rp

04/20/2023, 1:44 PM
yea sure! we would be willing to merge that in