# support-questions
e
If I want to be able to update user roles and permissions on each access token refresh request, which method in which recipe should I overwrite? Do you have relevant documentation on that? Is it the `regenerate_access_token` method of the session recipe?
r
hey!
So ideally, a session refresh should automatically update the access token's content to be in sync with what is in the db.
So you should not have to change how the refresh works.
Can you describe your use case in more detail?
e
Hey, thanks for the swift response:) The thing is that I have a Profile for each `user_id` in the supertokens core, and each Profile has some associated ProfileRoles. I have overridden the `create_new_session` function of the session recipe to include the role mappings for the current user in the access tokens. If I understand it correctly, the `create_new_session` function runs only on login/signup. Taking into account that a user session has a 100-day timeout, they won't log in that often, but their roles might change during a single session.
So my solution was to update role mappings in the access token on each access token refresh.
Access tokens' standard lifetime is 1 hour, right? So it would be perfect for my case to check role mappings each hour.
r
Right! Yea.. so wherever you update the user's role mapping, you should update all the sessions of that user to change the access token payload as well: https://supertokens.com/docs/session/common-customizations/sessions/update-jwt-payload#method-2-without-session-verification If you see the above link, you can loop through all the sessions of a user (using their userId) and then update that session's access token payload. Then whenever that session refreshes, it will automatically get the update.
e
Cool, thank you:) Last question to get it right -- session refresh also means access token refresh and normally it happens every hour, right?
r
yes
e
great!
r
well. The older access token would expire every hour. So a session refresh means a new access token + a new refresh token is issued.
e
I'm a little bit confused reading the documentation 😅 the function in docs iterates over the session handles...but where am I supposed to put that function?🤔 should I override `original_implementation.update_access_token_payload` for the `supertokens_python.recipe.session.interfaces.RecipeInterface`?
I imagine something like this:
```python
from typing import Union, Dict, Any

from asgiref.sync import sync_to_async
from django.apps import apps
from supertokens_python.recipe.session.interfaces import RecipeInterface
from supertokens_python.recipe.session.asyncio import get_session_information


def override_functions(original_implementation: RecipeInterface):
    original_implementation_update_access_token_payload = original_implementation.update_access_token_payload

    async def update_access_token_payload(session_handle: str,
                                          new_access_token_payload: Union[Dict[str, Any], None],
                                          user_context: Dict[str, Any]) -> None:
        profile_role_model = apps.get_model('profile', 'ProfileRole')

        # Resolve the session handle to its user before touching the payload.
        user_info = await get_session_information(session_handle)
        if user_info is None:
            # Unknown or already revoked session: nothing to update.
            return

        if new_access_token_payload is None:
            new_access_token_payload = {}

        # Rebuild the role mapping from the database so stale roles are dropped, not merged.
        new_access_token_payload["roles"] = {}
        # The Django ORM is synchronous; run the query in a worker thread from this coroutine.
        profile_roles = await sync_to_async(list)(
            profile_role_model.objects.filter(profile__supertokens_user_id=user_info.user_id)
        )
        for profile_role in profile_roles:
            new_access_token_payload["roles"].setdefault(profile_role.at, []).append(profile_role.role)

        return await original_implementation_update_access_token_payload(session_handle,
                                                                         new_access_token_payload, user_context)

    original_implementation.update_access_token_payload = update_access_token_payload
    return original_implementation
```
r
Ah no. You would call those functions in the same place where you are updating the user's role
in your own API
e
aaah, now I get it!
r
hehe
e
Thank you😄