So the dashboard revoke session doesn't work with third party logins? Anyone else experiencing this?...

matth_na

11/13/2023, 7:05 AM

So the dashboard revoke session doesn't work with third party logins? Anyone else experiencing this? EDIT: Manually revoking session in the API works, haven't tested signout yet.

rp_st

11/13/2023, 8:13 AM

hey @matth_na dashboard revoking is an offline revoking method, and it will only reflect on the user's session when it tries and refreshes.

matth_na

11/13/2023, 8:33 AM

🤔 so it will still be a valid session and everything until the session expires? is there any way to manually revoke a users session besides the client side?

matth_na

11/13/2023, 8:33 AM

Asking as a security measure for a project.

rp_st

11/13/2023, 8:57 AM

https://supertokens.com/docs/session/common-customizations/sessions/access-token-blacklisting

rp_st

11/13/2023, 8:58 AM

though this method will probably slow down your APIs, so you may want to add them on a select few APIs and not all. You could also use some sort of an intermediate solution where in on every page navigation, you query an API that calls verifySession with checkDatabase: true, and this way, after offline revocaiton, if the user reloads the page or navigates, they should be logged out.

matth_na

11/13/2023, 10:22 AM

Is there anywhere that the API is documented? Wanting to see a full list of all methods and options like a standard API list and not documentation?

matth_na

11/13/2023, 10:23 AM

that's a good idea, thank you. Every page load it grabs info from the API via

/user/me

(custom API route) that returns data and stores it in a Pinia (VueJS) store. So this should work

rp_st

11/13/2023, 12:04 PM

Yup! You can see all the node SDK reference is here: supertokens.com/docs/nodejs

10 Views

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).