Is it possible to change the header where the auth...
# support-questions-legacyt
trivialkettle
06/29/2023, 4:25 AMIs it possible to change the header where the authorization bearer is placed? E.g. use st-authorization instead of authorization
r
rp_st
06/29/2023, 4:48 AMHey. You can do this by writing your own interceptors on the frontend for XHR / fetch that changes the header used to your custom one
rp_st
06/29/2023, 4:49 AMThen on the backend, you can use the getSessionWithoutRequestResponse instead of using verifySession or getSession functions
t
trivialkettle
06/29/2023, 5:17 AMThanks I checked the docs. But how can I use this for the SDK API like signup etc?
r
rp_st
06/29/2023, 5:20 AMthats where your interceptors come in
rp_st
06/29/2023, 5:20 AMyour interceptors should be added to fetch / XHR before calling supertokens.init on the frontend
rp_st
06/29/2023, 5:20 AMand so API calls that go through our sdk, will go through your interceptors which will modify the header
t
trivialkettle
06/29/2023, 5:27 AMI mean on the backend, sorry
r
rp_st
06/29/2023, 5:52 AMso to the backend supertokens middleware, you give the request / response object (based on your frameworks). You can make your own request / response wrappers that conform with our BaseReqeust (https://github.com/supertokens/supertokens-node/blob/master/lib/ts/framework/request.ts) and BaseResponse (https://github.com/supertokens/supertokens-node/blob/master/lib/ts/framework/response.ts) types, and then pass those to the middleware.
In those custom wrappers, when a function like getHeaderValue(key) is called, you should check if the key is
authorizationt
trivialkettle
06/29/2023, 6:06 AMThanks, but it is still not very clear where I should do this.
I use python with flask, I think I have to overwrite the class Middleware in supertokens_python/framework/flask/flask_middleware.py?
r
rp_st
06/29/2023, 6:08 AMright yea, i don't think you can override that particular function - but you can copy it into your code base and use that instead of ours. And then wherever in the function we are wrapping the flask request with our wrapper impl, you should wrap it instead with your wrapper impl
t
trivialkettle
06/29/2023, 6:11 AMYes I thought about copy pasting it.
I found cookie_and_header.py:get_token().
I think in python I could patch just this function to extract the token not from AUTHORIZATION_HEADER but something else
r
rp_st
06/29/2023, 6:12 AMoh yea. I guess that would be the best way. But im not sure how you could patch that function specifically.
t
trivialkettle
06/29/2023, 6:13 AMI thought about monkey patch it like
cookie_and_header.get_token = my_func
trivialkettle
06/29/2023, 6:14 AMnot totally sure if this works for modules
r
rp_st
06/29/2023, 6:14 AMyou could do that. However, that's an internal function. So patch updates might break your code
rp_st
06/29/2023, 6:14 AMSo i would still recommend to go the route of a custom request wrapper
t
trivialkettle
06/29/2023, 6:16 AMIndeed. Though already thanks for the help
trivialkettle
06/30/2023, 7:01 AMI noticed that verify_session creates it's own Request object from the flask request. So it is not enough to write a custom wrapper in the Middleware class.
trivialkettle
06/30/2023, 7:03 AMBut I could modify the original flask request object like this:
request.headers.environ["HTTP_AUTHORIZATION"] = request.headers.environ.pop("HTTP_ST_AUTHORIZATION")
r
rp_st
06/30/2023, 7:29 AMRight. Verify session is another middleware which you would have to copy (just like the supertokens middleware)
rp_st
06/30/2023, 7:30 AMHowever, what you did is also fine I guess
t
trivialkettle
06/30/2023, 7:31 AMYeah, figured it out too, I have now overwritten verify session too.
4 Views