https://supertokens.com/ logo
Join Discord
Powered by
Hi, thanks a lot for the great work with this proj...
# support-questions-legacy
h
Hi, thanks a lot for the great work with this project! We are using supertokens in our fastAPI backend and react frontend. Very often, when I'm calling my protected endpoints a lot of calls are made to authenticate slowing down my the whole application for multiple seconds. I'm assuming that this happens when the refresh token is being updated. The uesr experience become very bad when this happens and we would appreciate getting some help to solve this problem. Thanks!
r
Hey @humam
Can I see an example code snippet for how you are protecting your api?
Also, are you using our managed service or self hosted core?
h
Hi, of course The example:
Copy code
@router.get(
    "/get",
    response_model=List[str],
    summary="Get all leads associated with a user.",
)
def get_leads(
    session: SessionContainer = Depends(verify_session()),
):
    try:
        leads = get_leads_for_user(session.user_id)
        return leads
    except Exception as e:
        return HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e))
I am using the managed service
r
How often does it slow down? Just during session refreshing? Or other times too?
h
I think only during session refreshing
r
Hmm.
h
This happens when I stop using the progrm for x amount of minutes so I'm assuming it 's refreshing
r
How much time does it take? And how many calls to the core happen? (You can see by adding core interceptor callback in the backend SDK and logging there)
h
I cannot replicate the problems because the token has already been refreshed. Is there a way for me to force it to refresh?
r
Delete the sAccessToken cookie from the frontend and call an api that uses the verify session function
h
ok thank you
I didn't know where I should start timing it but in total (including my endpoint) it took around 10secs It tried to refresh by calling INFO: 127.0.0.1:36350 - "POST /auth/session/refresh HTTP/1.1" 200 OK this did 14 calls then a call to INFO: 127.0.0.1:36360 - "GET /auth/user/email/verify HTTP/1.1" 200 OK\
r
Hmm. That’s weird. So the frontend does 14 calls to the backend to refresh the session?
Or is it the backend doing 14 calls to the core?
h
The backend is doing 14 calls. To be more precise the intercept function that I added to my backend is printing 14 times
r
So frontend to backed is 1 call to refresh, but backend to core is 14?
h
exactly
r
That’s odd
Can you enable backend debug logs and show the out when this is happening?
h
I can show you the log but I dunno if it contains any sensitive information
ok
r
You can DM it to me if u like
h
that'd be great thank you
r
In the interceptor you added, can you log out the request paths? And also, make sure you only send me the output of that interceptor for one refresh call that the frontend makes.
h
Hmm I don't really undrestand what do you mean by request paths. How can I access them inside the interceptor function? Also do you want me to disable backend debugging?
r
the 
url
argument. Print that out
h
I'm already printing it out
r
right. Can i see the output of just that?
h
ok sorry
r
and only when the frontend makes one refresh call
you can message it to me on DM
h
For some reason it's going faster now but I'll still DM you the logs
r
so one refresh from the frontend seems to be calling one refresh to the core, as expected
and then one call to verify_session call after the first refresh
is also making a query to the core, which is also expected
but from there on, using verify_session should not make any calls to the core
h
when it slows down significantly it also makes calls to /auth/user/email/verify is this expected?
r
that would be in the api call after the refresh has sent a response to the frontend
h
the interceptor function prints 7 times during this call
r
are you using email verification recipe in required mode?
h
yes
r
is the user's email is verified?
h
The profile is created using SSO so it should be verified
using google login
r
right.
Is the clock correctly set in the system in which you are running the backend sdk?
h
How can I double-check that?
r
im not sure
google current time in milliseconds and tally it with what you see on the machine?
h
I'm running my backend locally using WSL
The same issues happens when I'm deploying though
r
have you made any change to the email verification validator setting?
in the backend supertokens.init anywhere?
h
I've overridden: emailverificaion, create_new_session, thirdparty_sign_in_up_post, emailpassword_sign_up_post as well as email_verify_post
r
right
does the slowdown happen once every 10 mins or so?
h
yeah could be because it happens frequently
r
So the email verification status in the session's access token payload is updated once every 10 mins when you call verify_session
and that causes many calls to the user info GET API like you see.
but, this should only happen once every 10 mins per session
h
oh ok this could be the root cause of the problem
r
you can change the time to be like 1 hour or somethring instead of 10 mins
h
Is there anything else that I can do to stop this from happening? would making emailverificaion as Optional help?
r
you can set the time to 1 year of you want.. effectively making it never refresh
or like 100 years
h
if the account is verified then this should not be an issue?
r
correct. Unless, you manually mark it as unverified on the backend somehow, then the existing session will never know about this.. cause it never refreshes that claim
h
Interesting. I'll try with a longer time to begin with. Hopefully the issue should disappear for now
Thanks a lot for your help! I really appreciate your immediate responses man 🙂
r
i'll send over a snippet for how to do this.
lmk if this solves the issue
h
perfect! I'll let you know
r
something like this in the backend's session.init:
Copy code
def session_function_override(oI: RecipeInterface) -> RecipeInterface:
    async def new_get_global_claim_validators(
        tenant_id: str,
        user_id: str,
        claim_validators_added_by_other_recipes: List[SessionClaimValidator],
        user_context: Dict[str, Any],
    ):
        # remove certain item from claim_validators_added_by_other_recipes
        claim_validators_added_by_other_recipes = [
            validator
            for validator in claim_validators_added_by_other_recipes
            if validator.id != "st-ev"
        ]

        claim_validators_added_by_other_recipes.append(emailverification.EmailVerificationClaim.validators.is_verified(10, 10000000000))
        return claim_validators_added_by_other_recipes

    oI.get_global_claim_validators = new_get_global_claim_validators
    return oI


session.init(override=session.InputOverrideConfig(functions=session_function_override))
the indentation doesn't show properly
but 
claim_validators_added_by_other_recipes.append
line is in the function 
new_get_global_claim_validators
h
I tried once and it didn't help the same behavior happened. It tried calling /auth/user/email/verify 6times and made tons of calls to core.
r
can you show me the debug logs?
h
yeah of course
r
and only during the time of the api call
h
Hi! It's still making calls to /auth/user/email/verify
It still doesn't happen all the time but it happened after our call
r
did that expression return true?
and is this the frontend making thje call ot the backend or the backend to the core?
h
I wasn't debugging when that happened so I don' really know but I'll make sure to print the value of the expression the whole time
r
cool.
anyway, i g2g now. I don't think this is an issue in the sdk as far as i can see.
if you can highlight exactly what the issue is, i can help out when i have time next week
after you sort out the frontend issues with the apis being called multiple times
good luck 🙂
h
Ok I'll write to you when I have more input on what's happening. thanks!
2 Views
PreviousNext
Powered by