Give me a moment please

@User you can set the websiteDomain to something like

https://example.com

. It doesn't really matter in this case.

You cannot pass * as a domain name

yo uwill have to pass some domain name. Since yours is a chrome extension, you can use something like: https://example.com

(along with the port if any)

Did you follow this guide? https://supertokens.com/docs/session/serverless/with-netlify/auth-serverless

serverless netlify

It should be similar to https://supertokens.com/docs/session/serverless/with-netlify/auth-serverless

there is also an example of with netlify that we have: https://github.com/supertokens/supertokens-auth-react/tree/master/examples/with-netlify

there are only two APIs exposed by the session recipe as seen here: https://app.swaggerhub.com/apis/supertokens/FDI/1.12.1

signout and refresh

You should see the reference for creating a new session: https://supertokens.com/docs/session/common-customizations/sessions/new-session Basically, your frontend calls your API to login the user and that then calls the

createNewSession

function

the

createNewSession

function attaches session tokesn as cookies and sends it to the frontend. The frontend then sends the access token to your API which can use the

verifySession

function to verify the session. If the access token expires, the frontend calls the refresh API (Exposed by the middleware you implemented above). If you call the sign out function on the frontend via our SDK, it calls the sign out API exposed by the middleware as well.

That's how it works

which is used for session management.

login is something that you have made already.

Which means, you have an API that the frontend calls for logging a user?

const mysql = require("mysql2/promise"); const bcrypt = require("bcrypt"); exports.handler = async function (event, context, callback) { const sendSync = async () => { try { let body = JSON.parse(event.body); const { PLANETSCALE_CONN } = process.env; const connection = await mysql.createConnection(PLANETSCALE_CONN); const { password, email } = body; let [rows] = await connection.execute( "select id, email, hash, first_name, last_name, signup_date, subscription_date, sms, status from users where email = ?", [email] ); connection.end(); console.log(rows); if (rows.length > 0) { const user = rows[0]; const { hash, ...rest } = user; const userWithoutHash = rest; await checkUser(password, hash, userWithoutHash); } else { send({ match: false, user: {} }); } async function checkUser(password, hash, user) { //... fetch user from a db etc. const match = await bcrypt.compare(password, hash); if (match) { send({ match: true, user: user, message: "Welcome back" }); } send({ match: false, user: user, message: "Not a valid user" }); //... } //send({ message: hash, pwd }); } catch (error) { send({ match: false, user: {}, message: error }); } }; const send = (body) => { callback(null, { headers: { "Access-Control-Allow-Headers": "Content-Type", "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Methods": "POST", }, statusCode: 200, body: JSON.stringify(body), }); }; await sendSync(); };

So in this API, after you have successfully verified the credentials, you need to create a session - correct?

You can use that function in this API

What this function will do is that it will create new access and refresh tokens and attach them to the response cookies - which are sent to your frontend (As cookies)

Makes sense so far?

and our SDK works with JS too

so once the frontend gets the cookies, you can call your APIs from the frontend and the browser will attach the access token automatically.

In order to check the access token in the API, you need to use our verifySession function a shown here: https://supertokens.com/docs/session/serverless/with-netlify/session-verification

I hope this makes sense now. If it doesn't, then i think you might want to spend more time reading the docs and seeing the examlpes

But once you understand it, it's intuitive and provides exactly what you are looking for.