We also found another scenario where our logs showed a lot o SuperTokens.com #support-questions-legacy

We also found another scenario where our logs show...

n1ru4l

09/09/2022, 12:49 PM

We also found another scenario where our logs showed a lot of

[object Object]

logs, we pinned it down to the following code within our Next.js application:

Copy code

const { backendConfig } = await import('@/config/backend-config');
const SupertokensNode = await import('supertokens-node');
const Session = await import('supertokens-node/recipe/session');
SupertokensNode.init(backendConfig());

// this throws the error
const session = await Session.getSession(context.req, context.res, { sessionRequired: false });

After debugging the error and manually printing it this is the actual error:

Copy code

SessionError {
  type: 'TRY_REFRESH_TOKEN',
  message: 'Access token has expired. Please call the refresh API',
  payload: undefined,
  errMagic: 'ndskajfasndlfkj435234krjdsa',
  fromRecipe: 'session'
}

It seems like the error is not properly stringified (does not correctly extend/implement the Error class) as it seems to not pass the

nextjs

isError

check? Here is our debugging branch for figuring this out: https://github.com/kamilkisiela/graphql-hive/commit/63e66ab48335a3173d870c07a9510734b7f3c4af Furthermore, as this appears over and over again we also believe that this error is not properly handled on the frontend (

supertokens-auth-react

). I assume that if this happens the session cookies should be unset. Happy to open an issue on GitHub if there is no clear solution to this issue!

rp_st

09/09/2022, 1:22 PM

hey!

rp_st

09/09/2022, 1:25 PM

When a user is deleted, their session tokens from the db are deleted. Since session verification is stateless, there is no way for the frontend to know that the session tokens should be removed unless it does a refresh - in which case the session tokens will be removed. But if before the refresh, the email verification API is called, then the error you are seeing will be generated. It does make sense to handle this error by removing the session tokens in this case and we can make that change. Please do open a github issue about it. We will also fix the error printing issue. Thanks!

n1ru4l

09/09/2022, 1:25 PM

(btw these and the other verify issue are separate things)

rp_st

09/09/2022, 1:26 PM

right. You mean the error stringify issue and the email verification one right?

n1ru4l

09/09/2022, 1:26 PM

yes

n1ru4l

09/09/2022, 1:26 PM

i will open issues

rp_st

09/09/2022, 1:26 PM

Cool!

rp_st

09/09/2022, 1:27 PM

thank you so much :))

n1ru4l

09/09/2022, 1:31 PM

BTW should the TRY_REFRESH_TOKEN error be forwarded to the frontend? or should I handle it in my business logic?

n1ru4l

09/09/2022, 1:32 PM

this actually happens within next.js

getServerSideProps

so I assume it should attempt trying to create a new access token... but I am unsure...

n1ru4l

09/09/2022, 1:35 PM

I think I just answered the question by looking at docs 😄

n1ru4l

09/09/2022, 1:35 PM

https://github.com/supertokens/docs/blob/22b877e48de04de7648f957f8158d6e103c59cd2/v2/emailpassword/nextjs/session-verification/in-ssr.mdx#1-we-use-getsession-in-getserversideprops

rp_st

09/09/2022, 1:36 PM

> BTW should the TRY_REFRESH_TOKEN error be forwarded to the frontend? or should I handle it in my business logic? You should propogate this to the frontend.

rp_st

09/09/2022, 1:36 PM

or rather to the supertokens error handler

rp_st

09/09/2022, 1:37 PM

Have a look at this for nextjs: https://supertokens.com/docs/thirdpartyemailpassword/nextjs/session-verification/in-ssr

2 Views

Previous Next