https://supertokens.com/ logo
t

teebot

02/16/2022, 10:38 AM
Hi, I have a peculiar case to handle on react native. One of our native integration is making an authenticated call but since we're not in react native land it will not contain the cookie header. I don't know how to retrieve the cookie so that I could include it in that native call?
maybe with
getAccessTokenPayloadSecurely
?
or taking it from async storage maybe?
r

rp

02/16/2022, 10:40 AM
getAccessTokenPayloadSecurely
is in RN land, so it's not available in native land.
so you would have to read from async storage yourself manually and fetch the access token + id refresh token from there. Then add them to the cookies when making the request
t

teebot

02/16/2022, 10:40 AM
no but we can pass a message to the native
r

rp

02/16/2022, 10:40 AM
Hmmm. I see.
t

teebot

02/16/2022, 10:40 AM
if we can get the cookie content from RN it's fine
r

rp

02/16/2022, 10:41 AM
React native - native land cookie fetching
@User can help with this.
n

nkshah2

02/16/2022, 10:50 AM
@User calling getAccessTokenPayload would not retrieve the cookie headers so that wont work for you. The SDK itself relies on react-native's networking layer for cookie handling so theres no way to fetch the headers manually unfortunately
If it is an option you could try making the request itself from react native's side of things and return the response back to native (if the native module is in your control that is)
Other than that you could try and leverage React Native's native implementation of networking (okhttp on Android and URLSession on iOS) and use their cookie manager for your request too. Ill get back to you with more details on this because ill have to do a deep dive myself but these are the only options I can think of
t

teebot

02/16/2022, 10:58 AM
what we're trying now is get the content of sftoken from async-storage and then put its content into the cookie header . that should work too right?
we don't have the option of making that request from RN because it's a 3rd party integration
r

rp

02/16/2022, 10:59 AM
I don't think that the session tokens we generate are stored in async-storage.
is that right @User ?
n

nkshah2

02/16/2022, 11:01 AM
So the front token (sFrontToken) wont work as a cookie header, and yes thats right @User we dont store the session tokens in async storage
r

rp

02/16/2022, 11:02 AM
So one more idea @User is that if you could see which lib the third party integration uses and add interceptors to it, and then in your interceptors, you can make a request to the RN land and then back to the native land. Maybe that should work?
Another idea is to enable JWT in the sessions. This way, the JWT is stored in the async-storage and can be fetched via
getAccessTokenPayloadSecurely
function. Then that can be added as an authorisation bearer token to the request made by the third party, and your APIs would then need to also be able to verify a JWT as an alternate was of doing sessions.
t

teebot

02/16/2022, 11:09 AM
ok thanks that's indeed 2 good options
are you sure we can get the access token from
getAccessTokenPayloadSecurely
? it seemed to be only the payload of the JWT without its signature
can't we use directly storage's
sFrontToken
as JWT token ?
r

rp

02/16/2022, 11:14 AM
So the session contains the access token, which is a signed cookie. In that, you have the access token payload which can be fetched via
getAccessTokenPayloadSecurely
. If you enable JWT, we create a separate JWT and put that inside the session's access token payload with the key as
jwt
(by default). So if you do
await getAccessTokenPayloadSecurely()["jwt"]
, you will actually get the JWT string which you can then pass to your backend
t

teebot

02/16/2022, 11:26 AM
this is the content I get from getAccessTokenPayloadSecurely :
Copy code
{
  "phoneNumber": "+32468214620"
}
r

rp

02/16/2022, 11:26 AM
Have you enabled JWT on the backend?
t

teebot

02/16/2022, 11:28 AM
ah damn no
ok doing this
r

rp

02/16/2022, 11:28 AM
hehe ok
t

teebot

02/16/2022, 11:28 AM
so we'll be able to use both JWT and session with this right?
r

rp

02/16/2022, 11:28 AM
Yea
t

teebot

02/16/2022, 12:43 PM
So we still don't have a jwt in the getAccessTokenPayloadSecurely in a new login with
Copy code
Session.init({
        jwt: {
          enable: true
        }
      })
could it because of this override?
Copy code
const session = await Session.createNewSession(
                  input.options.res,
                  user.id,
                  {
                    // we are adding the phoneNumber to the access token payload.
                    // This will also be accessible in all API calls + on the frontend.
                    phoneNumber
                  },
                  {}
                );
r

rp

02/16/2022, 12:44 PM
hmm. That's odd
Can you please open a github issue about this and we shall have a look asap
n

nkshah2

02/16/2022, 12:50 PM
What output do you get when you call get access token payload?
Also what sdk and version are you using for the backend?
t

teebot

02/16/2022, 12:52 PM
oh wait it was a brainfart we actually have it !
sorry about this
r

rp

02/16/2022, 12:53 PM
oh great!
n

nkshah2

02/16/2022, 1:02 PM
Glad it works!
t

teebot

02/16/2022, 1:27 PM
yes I can confirm it totally works! awesome
thx for your help and super quick reaction 💪 💪 💪
2 Views