https://supertokens.com/ logo
Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Powered by
Title
e

execreate

10/19/2022, 10:19 AM
One more question -- when using MFA the 
create_new_session
call will get the 
user_id
from the latest recipe used in MFA flow, is that right? So how do I override the 
user_id
to contain the ID from the very first recipe in my MFA flow?
For instance, I am using Passwordless OTP as first factor and EmailPassword (PhoneNumberPassword actually) as the second factor. I want my users to have the Passwordless recipe 
user_id
. I can get that ID this way: 
python
passwordless_user_id = get_user_by_phone_number(old_session.get_access_token_payload().get("phoneNumber")).id
And then is it enough to pass that ID to 
original_implementation_create_new_session
as 
user_id
?
n

nkshah2

10/19/2022, 10:23 AM
Right one way to do this is to check if a session already exists when the PhonenumberPassword sign in/up is called. If it does exist then you can get the user id from the session
You would need to override the api for this, and then you pass the existing user id as user context when calling the original function
Then in create_new_session the user id should be present in the user context, you can then override that function and use the value from user context to set a user id for the session
https://supertokens.com/docs/emailpassword/advanced-customizations/user-context
If you need help with specifics we can get on call and I can help
e

execreate

10/19/2022, 10:26 AM
Totally forgot about the user-context, thanks! So I assume passing the desired user_id into the 
original_implementation.create_new_session
should be fine I think I'm almost there with my implementation 🙂
n

nkshah2

10/19/2022, 10:26 AM
Yep that should work
e

execreate

10/19/2022, 10:47 AM
One more question -- global claim validator 
SecondFactorCompletedClaim.validators.has_value(True)
does not fail if token does not contain the claim at all, is that right?
n

nkshah2

10/19/2022, 10:48 AM
@KShivendu can answer that better
r

rp

10/19/2022, 10:57 AM
It will try and fetch the claim value from the second factor claim first, and then based on that, it will check if that claim is true or not.
The fetch value function on second factor claim returns false I think. So if the claim is not defined, it will first call the fetch value function, which will set it to false, and then it will check if the value is true or not - in this case, failing
e

execreate

10/19/2022, 11:03 AM
@rp Thanks a lot 🙂
#support-questionsJoin Discord
Powered by