Does protected endpoints need some extra configura...
# support-questions-legacyb
bert2002
10/16/2022, 2:46 PMDoes protected endpoints need some extra configuratoin for JWT? Because I have JWT enabled (https://supertokens.com/docs/microservice_auth/jwt-creation), but a curl test on the endpoint does not work, e.g.:
Copy code
@app.get("/bla")
async def get_session_info(session: SessionContainer = Depends(verify_session())):
return truer
rp_st
10/16/2022, 2:47 PMHey
rp_st
10/16/2022, 2:48 PMVerify_session doesn’t work with jwts. It’s meant only for session management verification from the frontend
rp_st
10/16/2022, 2:48 PMFor JWT Verifciation, use any standard JWT verification lib
b
bert2002
10/16/2022, 2:49 PMDoes that mean I can not make one endpoint available for both authentication methods? (either one?)
r
rp_st
10/16/2022, 2:50 PMYou can. You make make your own middleware which tries both the verification methods
rp_st
10/16/2022, 2:51 PMverify_session takes a config which allows it to return none in case a sesion doesn’t exist. So if it returns none, try for normal JWT auth. And if that fails too, reject the request
b
bert2002
10/16/2022, 2:55 PMohhh okay thanks @rp_st sounds like a nice feature 😄