https://supertokens.com/ logo
#support-questions
Title
# support-questions
n

NKD

05/27/2022, 3:44 AM
Hi team! I have just finished implementing SuperTokens into my NestJS BE. I have some APIs that I'm trying to protect with "@UseGuards(AuthGuard)". I'm trying to test these protected endpoints with Postman, but have no idea how. Can someone help me? Thanks in advance!
r

rp

05/27/2022, 3:45 AM
Which recipe are you using?
n

NKD

05/27/2022, 3:46 AM
r

rp

05/27/2022, 3:46 AM
Ah right. So your only using session management?
n

NKD

05/27/2022, 3:46 AM
Yep
n

NKD

05/27/2022, 3:47 AM
I'm only using this as I won't be using a login form for my web app (I'll be authenticating users with google login)
r

rp

05/27/2022, 3:47 AM
Right. We have a recipe for social login + sessions as well
Which provides sign in with google
So you might wanna check that out too
n

NKD

05/27/2022, 3:48 AM
Can I skip the social login part? I want people to be redirected to Google signin the moment they enter my web app (it's an internal project)
r

rp

05/27/2022, 3:48 AM
Yea. Of course. You can implement that on your own and use supertoeks just for sessions
n

NKD

05/27/2022, 3:49 AM
So, to sum up, I need to create a new user session to call the API endpoints from postman?
r

rp

05/27/2022, 3:49 AM
Well. You need to create some API on your backend that creates a new session. Usually this would be the login API. In your case the api that consumes the code sent by google
And even with our third party recipe, you can implement it such that the user is directly taken to google if they are not signed in.
n

NKD

05/27/2022, 3:51 AM
So, my understanding is, the flow would be something like: User auth-ing with google -> google returns a code -> I use that code to create a new user session -> users can call my backend APIs?
r

rp

05/27/2022, 3:58 AM
Yea. Exactly!
Also keep on mind that you must provide the redirect url to google to point to your frontend app. Your frontend app should then send the code to the backend.
That’s needed cause if google calls your backend directly, then some of the session tokens will not be saved on your frontend app and it won’t work
n

NKD

05/27/2022, 4:06 AM
That's great! Thank you so much for the help!
2 Views