# support-questions-legacy
k
Hello everyone, is there a function to read payload of access token in javascript backend SDK?
r
Hey! Yes there is
After session verification, you can use the session object to call session.getAccessTokenPayload()
k
Can I read it without using session?
r
Yea. There should be a similar function in the session recipe which takes a session handle as the input. Which SDK do you use?
k
nodeJs sdk
I checked it but there is no function that takes accessToken
getSessionInformation
it takes a session handle
and it returns an object in which there is
accessTokenPayload
k
but i need to read the accessToken
to get sessionHandle
using that, you can give it a userId and get an array of their session handles
k
But I have only accessToken available. Not userId nor session handle
r
well, then you want to use the verifySession middleware function in your APIs
k
user sending a request to a microservice
and i'm sending user's accessToken to my auth backend
r
ohh i see.
k
i need to verify and read access token without initializing a session
r
we don't recommend that you do it that way. The access token issued to the end user should not be used for microservice auth
k
I'm not using it for microservice authorization.
my microservice needs user data
r
then you should send the session handle to the microservice instead of the access token
k
ok I can use sessionHandle
r
and using the session handle, it can query supertokens to get the info required
k
But how can I read sessionHandle inside my microservice
It is inside accessToken
r
So in the API that is called from the frontend, you do verifySession correct?
k
We are not using supertoken's sdk in frontend
Is there a function to get sessionHandle inside frontend sdk?
r
on the backend SDK, how do you verify the session?
k
oh sorry
yeah I'm using verifySession
Inside a middleware
r
right. So that will yield a session object. From that, you can read the sessionHandle like
session.getSessionHandle()
then you should send that session handle to the microservice
instead of sending the access token itself.
k
I have two microservices
One of them is for crafting game items
and one of them for user-authorization(supertokens)
i need to access sessionHandle inside crafting microservice
to query data from my user-authorization endpoint
r
alright. So what I said before, doesn't that work?
k
nope
because there is no supertokens sdk
r
why not? Maybe I misunderstand the setup
k
inside crafting microservice
r
right.
k
i can send accessToken as parameter to auth sdk
but there is no way to read sAccessToken directly without using session
i just want to take userId from accessToken
Query my database
and return data to my crafting microservice
I can verify and read accessToken from crafting microservice
or I can send accessToken to auth service
and read it there
r
So first, the access token we have is not a JWT. So using a JWT lib will not work with it.
Which is why I said, you should not send the access token itself to the crafting microservice
once you verify the session in the API that the frontend calls, you should get the session handle from it, and then send that session handle to the microservice.
is the frontend calling the crafting microservice directly?
k
yes
it is calling a gateway api
r
ahh i see.
ok ok
k
but we can pretend
we are calling the crafting microservice directly
r
right. So now, what you want to do is to enable the JWT feature in the session.init on the backend (in your auth server). This will make it so that we issue a JWT along with the session. This JWT can be read from the frontend from the access token payload. Then you send this JWT to the crafting microservice which verifies it using a standard JWT lib and can read the userId from it as you would expect.
k
there is no supertokens initialized inside gateway api
hmm
This will do it.
r
yea. I also recommend that you use our frontend lib so that you can easily read the JWT + it will take care of refreshing for you on its own.
k
So there is no way to read accessToken outside the supertoken sdk?
I need to use jwt.
r
> So there is no way to read accessToken outside the supertoken sdk?

There is, you can manually do it.. but if you are doing that, it means you have architected things incorrectly.
k
Ok then
I think I have problems with my system design.
I will read the supertokens documentation again
thanks
r
it's not such a big change to fix it. Just enable the JWT feature and send that to the crafting microservice. That's all
k
ok thanks