Hi! I'm trying to implement unified user authentication for multiple private services. I was imagining that each service would provide the users credentials alongside with a service identifier, which would then get packed into the JWT as the

aud

claim. The client would then use the JWT for requests with the service thereafter. I took a look at https://app.swaggerhub.com/apis/supertokens/FDI/1.18.0#/EmailPassword%20Recipe/signIn for the prebuilt backend, but I couldn't find a way to pass this id anywhere. What's the easiest way for me to do this?

Hey @f1yingbanana could you elaborate on your use case with an example? For example, I don’t understand why each server would need to pass user credentials.

Sure! Imagine that each server is a separate app. They would need to authenticate the user first before serving any further requests for them.

Right. I see.

That's right! I'm actually playing around with the pre-built backend and trying to see if I can get it to work with the least amount of modifications 😛 that's why I was looking at the list of API of this prebuilt backend to see if there's some way for me to pass this custom

aud

claim in. I couldn't find it and here I am. What do you think is the easiest way for me to implement this?

This is the only way to modify the claims: https://supertokens.com/docs/session/common-customizations/sessions/claims/access-token-payload

Looks like I'm trying to modify the right place! But what I'm having trouble is how to read the custom

aud

from the request and pass that into the session creation. I don't see any way to pass any custom parameters in the backend API: https://app.swaggerhub.com/apis/supertokens/FDI/1.18.0#/EmailPassword%20Recipe/signIn.

This might help: https://supertokens.com/docs/session/advanced-customizations/user-context/custom-request-properties

That did the trick, thank you! Btw those two pages have the same content 😛

Ah okay. They are in different recipes. So the content is replicated