rp_st
11/01/2021, 5:50 PMverifySession
middleware.
3) You could store the user's session ID on the frontend and pass that to Hasura when you query it. Then Hasura can use a custom auth hook to query SuperTokens' core to check if the session ID is valid or not.
----------------------
Out of these, number (2) is the most secure since it doesn't expose any of the session tokens to the frontend (therby preventing token theft via XSS attacks)
(1) is the most popular since it's easy to use.
----------------------
Anyhow, you would need to host an API server which would integrate with SuperTokens' backend SDK.