Channels
#support-questions
Title
e
execreate
04/22/2022, 8:31 AMIf I want to be able to update user roles and permissions on each access token refresh request, which method in which recipe should I overwrite? Do you have relevant documentation on that?
Is it
regenerate_access_tokenr
rp
04/22/2022, 8:34 AMhey!
So ideally, a session refresh should automatically update the access token's content to be in sync with what is in the db.
So you should not have to change how the refresh works.
Can you describe your use case in more detail?
e
execreate
04/22/2022, 8:39 AMHey, thanks for swift response:)
The thing is that I have a Profile for each
user_idcreate_new_sessioncreate_new_sessionSo my solution was to update role mappings in the access token on each access token refresh
Access tokens standard lifetime is 1 hour, right? So it would be perfect for my case to check role mappings each hour
r
rp
04/22/2022, 8:43 AMRight! Yea.. so wherever you update the user role's mapping, you should update all the sessions of that user to change the access token payload as well: https://supertokens.com/docs/session/common-customizations/sessions/update-jwt-payload#method-2-without-session-verification
If you see the above link, you can loop through all the session's of a user (using their userId) and then update that session's access token payload.
Then whenever that session refreshes, it will automatically get the update.
e
execreate
04/22/2022, 8:45 AMCool, thank you:)
Last question to get it right -- session refresh also means access token refresh and normally it happens every hour, right?
r
rp
04/22/2022, 8:45 AMyes
e
execreate
04/22/2022, 8:45 AMgreat!
r
rp
04/22/2022, 8:45 AMwell. The older access token would expire every hour. So a session refresh means a new access token + a new refresh token is issued.
e
execreate
04/22/2022, 9:15 AMI'm a little bit confused reading the documentation 😅 the function in docs iterates over the session handles...but where am I supposed to put that function?🤔 should I override
original_implementation.update_access_token_payloadsupertokens_python.recipe.session.interfaces.RecipeInterfaceI imagine something like this:
Copy code
from typing import Union, Dict, Any
from django.apps import apps
from supertokens_python.recipe.session.interfaces import RecipeInterface
from supertokens_python.recipe.session.asyncio import get_session_information
def override_functions(original_implementation: RecipeInterface):
original_implementation_update_access_token_payload = original_implementation.update_access_token_payload
async def update_access_token_payload(session_handle: str,
new_access_token_payload: Dict[str, Any],
user_context: Dict[str, Any]) -> None:
profile_role_model = apps.get_model('profile', 'ProfileRole')
user_info = await get_session_information(session_handle)
if new_access_token_payload is None:
new_access_token_payload = {}
new_access_token_payload["roles"] = {}
profile_roles = profile_role_model.objects.filter(profile__supertokens_user_id=user_info.user_id)
for profile_role in profile_roles:
if profile_role.at not in new_access_token_payload["roles"]:
new_access_token_payload["roles"][profile_role.at] = [profile_role.role]
else:
new_access_token_payload["roles"][profile_role.at].append(profile_role.role)
return await original_implementation_update_access_token_payload(session_handle,
new_access_token_payload, user_context)
original_implementation.update_access_token_payload = update_access_token_payload
return original_implementationr
rp
04/22/2022, 9:17 AMAh no. You would call those functions in the same place where you are updating the user's role
in your own API
e
execreate
04/22/2022, 9:17 AMaaah, now I get it!
r
rp
04/22/2022, 9:17 AMhehe
e
execreate
04/22/2022, 9:17 AMThank you😄
4 Views