Hi guys, are there any endpoint that only verifies the email&password, returns user information but ...
q
Hi guys, is there any endpoint that only verifies the email & password and returns user information but doesn't create a new session token? I'm working on the backend and want to write a function which needs to verify the user with email and password (accepted as query parameters) but not the Bearer header. Currently I'm doing it with /auth/signin, but it creates session tokens every time I run it. Is there a better solution?
n
Hi @qwerzl Just to clarify, you want to verify both email and password? Or just check if the user exists?
q
Just check if the user with that combination of email and password exists.
Or... in other words, an /auth/signin method without creating a session.
n
Right, so one way to do this is to use our overrides feature.
- You override the sign in API and detect if the call is made to sign in/verify credentials (you can access the request object and check some custom header, for example)
- You pass some custom flag in the user context when calling the original implementation of the sign in API
- You override create new session of the session recipe and check if the user context contains your custom flag; if it does, then you skip session creation (basically don't call the original implementation)
You can read about overrides in the backend here: https://supertokens.com/docs/emailpassword/advanced-customizations/backend-functions-override/usage
You can read about API overrides here: https://supertokens.com/docs/emailpassword/advanced-customizations/apis-override/usage
You can read about user context here: https://supertokens.com/docs/emailpassword/advanced-customizations/user-context
If you get stuck, let me know here; I can help with snippets.
q
Thank you for the quick reply! I'll try.
n
Also @qwerzl I'm not 100% on this but you can try this. If it works, it's significantly simpler. Instead of calling the built-in sign in API, you can try calling the function exposed by the recipe in your own API: EmailPassword.signIn, for example. I think calling the function does not create a session.
q
How do I fill tenant_id?
n
If you aren't using multi-tenancy you can just set it to "public"
q
Using EmailPassword.signIn is working - Thank you for that😊
n
Happy to help!