SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hello, I'm using `updateAccessTokenPayload` to update the the session payload and it shows the new roles when I check the JWT cookie `sAccessToken` in the browser. However when I run `await Session.getAccessTokenPayloadSecurely()` in a Next.js frontend, I still get the old values even when I see the new cookie. It only seems to update when I log out and back in and a brand new session being generated. Does this function take the values directly from the cookies or somewhere else?

Hey! The actual access token is an httpOnly cookie. So the frontend can't read that. So we have another token which contains a copy of the access token's payload which the frontend can read.

This copy token is updated automatically when you call `updateAccessTokenPayload` from the backend, as long as you have applied our frontend interceptor when making the API call. So please check that the interceptor has been applied.

Perfect! I was trying to call the API directly from the URL for testing, which doesn't include the interceptors of course!