Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Changing access token cookie path
v
vyobukhov
04/20/2023, 1:22 PMnode.js + koa: What is the proper way (if any) to not to set sAccessToken cookie but still have refresh token cookie? Or maybe to just modify it's path (now it's not configurable as I can see). Reason: we use API Gateway and JWT token but we still use refresh endpoint with a cookie. So there is no need to send access token cookie with every request everywhere except some endpoints. All the other API endpoints are handled by API Gateway and JWT in header
P. S.: header-only is not that good since (as mentioned in the docs) we loose refresh token httponly cookie
r
rp
04/20/2023, 1:25 PMwhich backend framework are you using?
v
vyobukhov
04/20/2023, 1:25 PMnode
r
rp
04/20/2023, 1:26 PMexpress?
or some other?
v
vyobukhov
04/20/2023, 1:26 PMSry, koa (added it to the question)
r
rp
04/20/2023, 1:31 PMI think with koa, you can add your own middleware (which wraps all other middlewares and apis) this way: https://stackoverflow.com/questions/31828528/how-to-make-a-middleware-based-on-koa-which-is-used-for-intercept-http-response
In your middleware, after yield next, you can get the response and manually modify the access token cookie's path to what you want
im not entirely sure if that works, cause if your API sends the response before it gives control back to your middleware, then it won't work
v
vyobukhov
04/20/2023, 1:33 PMThx, yeah, middleware was my initial option, but thought there is a way to it with supertokens itself
r
rp
04/20/2023, 1:34 PMactually the middleware approach probably won't work cause our middelware sends a response itself.
what you could do, is to create your own base response object like this: https://github.com/supertokens/supertokens-node/blob/master/lib/ts/framework/koa/framework.ts#L96
And then in the
setCookiekeysAccessTokenctxlet response = new KoaResponse(ctx);KoaResponsev
vyobukhov
04/20/2023, 1:42 PMthx! Will try
r
rp
04/20/2023, 1:43 PMFinally, the last method could be to just fork our repo and make the change here: https://github.com/supertokens/supertokens-node/blob/master/lib/ts/recipe/session/cookieAndHeaders.ts#L170
v
vyobukhov
04/20/2023, 1:44 PMI can prepare PR with adding this option to the config file if you are ok with it
r
rp
04/20/2023, 1:44 PMyea sure! we would be willing to merge that in