f
How can I get userContext from session on FE? We are using the supertokens SDK and we have to pass auth headers from the first factor to the second-factor API. When using the React example this is done automatically.
r
Hey. I don’t quite understand this question. Can you rephrase?
f
Yeah. So we are implementing our own frontend for supertokens. We have 2FA recipes set up (thirdparty + passwordless). When going from thirdparty to the passwordless screen we can send a raw request like this:
result = await executeSupertokensApiRequest(
  `/${tenantId}/signinup/code`,
  {
    phoneNumber: testUserPhoneNumber,
  },
  'POST',
  {
    rid: 'passwordless',
    // access token returned by the previous (first-factor) request
    Authorization: `Bearer ${accessToken}`,
  },
);
The key here is that we are passing an Authorization header where we use the token that we got from the previous request. Since we want to avoid writing raw HTTP requests, we are wondering if this can be achieved by the SDK.
r
Oh yeah, you should use the passwordless recipe on the frontend SDK. It has a passwordless.createCode function.
f
The problem we are facing is that the token is not passed, so the session doesn't exist. If you check the official example (https://supertokens.com/docs/mfa/backend/second-factor#4-validating-the-phone-number) on the BE:
/* This API is called to send an OTP */
createCodePOST: async function (input) {
    /**
     * We want to make sure that the OTP being generated is for the
     * same number that belongs to this user.
     */

    // A session should already exist since this should be called after the first factor is completed.
    // We remove claim checking here, since this needs to be callable without the second factor completed
    let session = await Session.getSession(input.options.req, input.options.res, {
        overrideGlobalClaimValidators: () => [],
    });

    let phoneNumber: string = session!.getAccessTokenPayload().phoneNumber;

    if (phoneNumber !== undefined) {
        // this means we found a phone number associated to this user.
        // we will check if the input phone number is the same as this one.
        if (!("phoneNumber" in input) || input.phoneNumber !== phoneNumber) {
            throw new Error("Input phone number is not the same as the one saved for this user");
        }
    }

    return oI.createCodePOST!(input);
},
It requires a session. The frontend team is using this library: https://github.com/supertokens/supertokens-web-js
r
Right. Can I see the frontend’s session.init?
f
I've checked with FE; init is empty. I'll include someone from FE in the discussion.
r
If it’s empty, then supertokens uses cookie-based auth for web. How do you have the authorization token on the frontend in this case?
f
The example above with the raw request is from unit tests on the BE. Not sure about FE, @sbugarski knows more 🙂
s
We fixed it, thanks.