SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hi, I am trying to integrate Supertokens with echo-labstack. I followed this example https://github.com/supertokens/supertokens-golang/blob/master/examples/with-labstack-echo/main.go. Echo advocates to return errors from your Handlers, which will then be handled by their HTTP Error Handler (which you can customize). This works fine until I introduce the session.VerifySession in my middleware, as per the example (wrap it to turn it into a echo.MiddlewareFunc). As soon as I use this middleware on my routes, they always return `200` (empty body), no matter how may errors I return from my handlers. As soon as I remove the session.VerifySession echo'fied middleware, I get the actual errors. It seems as if the session.VerifySession middleware is *swallowing* the echo error and just returning a `200` instead. Anybody any idea what could be causing this?

<@908641146379579433> can help here when he has time

<@908641146379579433> may take sometime / a few days to reply. However, in the meantime, you can replace our verifySession functin with a simple JWT verification library: https://supertokens.com/docs/session/common-customizations/sessions/with-jwt/jwt-verification

or even use getSession instead: https://supertokens.com/docs/session/common-customizations/sessions/session-verification-in-api/get-session

Like so?

```
func CustomVerifySession(options *sessmodels.VerifySessionOptions) echo.MiddlewareFunc {
    return func(next echo.HandlerFunc) echo.HandlerFunc {
        return func(c echo.Context) error {
            sessionContainer, err := session.GetSession(c.Request(), c.Response(), options)
            if err != nil {
                if defaultErrors.As(err, &errors.TryRefreshTokenError{}) {
                    // This means that the session exists, but the access token
                    // has expired.
                    return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
                } else if defaultErrors.As(err, &errors.UnauthorizedError{}) {
                    // This means that the session does not exist anymore.
                    return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
                } else if defaultErrors.As(err, &errors.InvalidClaimError{}) {
                    // The user is missing some required claim.
                    // You can pass the missing claims to the frontend and handle it there. Send a 403 to the frontend.
                    return echo.NewHTTPError(http.StatusForbidden, err.Error())
                }
            }

            if sessionContainer != nil {
                c.Set("session", sessionContainer)
            }

            return next(c)
        }
    }
}
```

Basically copied from https://supertokens.com/docs/session/common-customizations/sessions/session-verification-in-api/get-session#building-your-own-custom-middleware and adapted for Echo

hey <@358709339508178944> , we have updated the example with a fix.