Is there a way to have a hybrid scheme on how the access tokens are stored. In our case we have both our web app in nextjs and a chrome extension. For the web app I am fine with using cookies and it works well. However, browser extensions don't really support cookies and the suggested metholodogy for storing credentials seems to be to use localstorage with a JWT. I see that super tokens supports JWT, but I don't want to switch our nextjs application to JWT too if possible. Can I change the type based on a header or some configuration?

hey @marshmalon if you enable JWTs, that too requires a session to be stored in cookies for it to work. What you can do, is to have two entirely separate modes of sessions: - one is the default way we do it (for nextjs) - one you can write your own that creates a JWT and send that in the response body of sign in. You can do this by overriding the

createNewSession

and

getSession

recipe functions of the session recipe. When making a request from the chrome extension, you can add some custom header indicating it's a chrome extension and then override the

createNewSession

function on the backend to check if this header is present. If it is, then you can create a JWT in that function and attach that to the response headers. Else, you can call the originalImplementation (for nextJS) When overriding

getSession

, you can check if the input is a JWT authorisation bearer token. If it is, you can verify that using any JWT verification lib and return a session object. Else you can call the call the originalImplementation (for nextJS). Docs that you might need for this: - https://supertokens.com/docs/session/advanced-customizations/backend-functions-override/usage - https://supertokens.com/docs/thirdpartyemailpassword/advanced-customizations/user-context (Im not sure which recipe you are using, but the above one is for session + thirdpartyemailpassword)

Sweet this is the exact answer I was looking for

Cool. This might get a little complex to implement since we have no examples of this. But feel free to ask questions as you go along