rp
03/26/2020, 5:30 AMsessionHandle
as mentioned in this page: https://supertokens.io/docs/nodejs/usage-with-express/user-logout#call-the-revokesessionusingsessionhandle-function-api-reference-api-reference-revoke-session-using-session-handle
> there is no response sent from the /api/session/refresh example except a string saying
Check the headers that are sent from this API call. You will see new tokens there.
> How do I change the 'Signing Key' for the JWT and Refresh tokens, as these are signed with a specific key. How will I be able to set my signing keys for both?
The signing key for access token is managed by our library. You cannot set it to something specific as it is an implementation detail. This key also keeps changing over time as to not bottleneck your entire user security on this part.
The refresh token signing key is not really needed and can be ignored. We intent to remove that signing key as it provides no security benefits.
> I get an error in typescript req.session (session doesnt exist on req) and when npm installing @types/express-session I get error
If you are using SuperTokens, you do not need to use express-session
. Hence you do not need its typing either.
> it makes requests to /categories for example but it fails with "must refresh token" how do I get supertest to work
So when you get the refresh token error, you must call the refresh endpoint. This is something that's taken care by the frontend SDK which we are making for react-native. If you are using postman, to test, then you should manually call the refresh API with the cookies set.