# support-questions
t
Hello there! I'm trying to implement Supertokens in my Angular Frontend. The following code gives me `Object {  }`. How do I get the actual token payload? I need to check for user roles inside it.
```js
let accessTokenPayload = await SuperTokens.getAccessTokenPayloadSecurely();
console.log(accessTokenPayload)
```
Any ideas? Thanks in advance
r
Hey @ThomasK
By default it is empty. Have you added any content to it in the backend?
t
Good point, just saw I messed up something in the backend. Will get back to you later once I see if I can get it fixed! Thanks.
r
cool
t
Unfortunately the problem persists... The id of the current user is correct. I double checked the AWS DB if the user actually has the role and he does. But the console.log mentioned above only produces this output
`doesSessionExist()` and `getUserId()` both work perfectly fine
r
Hmm. Can you show me the value of sIRTFrontend that is set in the cookies?
Also, which SDK are you using on the frontend?
t
I'm using supertokens-website with Angular
r
And the value of sFrontToken please?
Can you base64-decode the value and show the output?
t
Sure, give me a second
```json
{
  "ate": 1654013814639,
  "uid": "d2fec8dc-2b50-4d2a-a159-db98c2718997",
  "up": {}
}
```
r
Hmm. So the access token payload content is indeed empty.
How are you setting the access token payload on the backend?
t
Oh, do I have to set the payload explicitly? I only used the `emailpassword_sign_up_post` override to set the role for the new user, but didn't set any token payload data.
r
Right yea. You need to set the payload too. In the future, we would set the payload automatically, but that’s when we have a deeper integration with user roles recipe from the backend SDK
t
Okay great, I'll take a look at the documentation. Thank you so much.
Just to clarify: The right way to do this right now is to set the payload data once after login (by overriding the login method) for every login call? Or do I have to do this every time the frontend calls the API? The documentation (https://supertokens.com/docs/emailpassword/common-customizations/sessions/update-jwt-payload) implemented a new route for this but I can just do this in the login override, right?
Seems to work like this with session creation override (in case anyone comes across the same question, not sure if this is the perfect approach though):
```python
from typing import Any, Dict, Union

from supertokens_python.recipe.session.interfaces import RecipeInterface


def override_functions(original_implementation: RecipeInterface):
    # Keep a reference to the SDK's original function so the override can delegate to it.
    original_implementation_create_new_session = original_implementation.create_new_session

    async def create_new_session(request: Any, user_id: str,
                                 access_token_payload: Union[None, Dict[str, Any]],
                                 session_data: Union[None, Dict[str, Any]], user_context: Dict[str, Any]):
        if session_data is None:
            session_data = {}
        if access_token_payload is None:
            access_token_payload = {}
        # Add the user's roles to the access token payload when the session is created.
        access_token_payload["roles"] = AuthHelper.get_user_roles(user_id=user_id)["roles"]
        return await original_implementation_create_new_session(request, user_id, access_token_payload, session_data, user_context)

    original_implementation.create_new_session = create_new_session
    return original_implementation
```
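with `AuthHelper.get_user_roles`:
```python
import requests
from typing import Any, Dict

class AuthHelper:
    @staticmethod
    def get_user_roles(user_id: str) -> Dict[str, Any]:
        # Ask the SuperTokens core (userroles recipe) for this user's roles.
        headers = {"api-key": config.API_KEY, "cdi-version": config.CDI_VERSION, "rid": "userroles"}
        params = {"userId": user_id}
        r = requests.get(f'{config.SUPERTOKENS_API}/recipe/user/roles', headers=headers, params=params, timeout=10)
        r.raise_for_status()  # fail here instead of on a missing "roles" key
        return r.json()
```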
r
Once after login only.
Sorry, I saw your code snippet after I pasted the link above (Discord didn’t load the message for me until much later)
But yea. You did it correctly!
t
Not to worry, you pointed me in the right direction nonetheless. Thanks!