question about updateAccessTokenPayload()
# support-questions-legacy
f
question about updateAccessTokenPayload()
r
hey
f
hey
so, we spoke last of this function and I put it in my backendConfig() however, I need to update the access token in an api call. The example shows "SessionRequest" and I believe is written in typescript(?). I'm getting an error on "SessionRequest.session" as I'm not using typescript I assume
This code in my backendConfig() fails because I don't have the stripeSellerId yet until after they sign up with Stripe:
SessionNode.init({
        override: {
          functions: async (originalImplementation) => {
            return {
              ...originalImplementation,
              createNewSession: async function (input) {
                const stripeSellerId = await getStripeSellerIdBySuperTokensId(
                  input.userId
                );

                input.accessTokenPayload = {
                  ...input.accessTokenPayload,
                  stripeSellerId: stripeSellerId,
                };

                return originalImplementation.createNewSession(input);
              },
            };
          },
        },
      }),
so I need to updateAccessToken() in another handler
I can't use useSessionContext cause it's on the server
r
You can just ignore the SessionRequest typing everywhere and use req.session.updateAccessTokenPayload
f
is that in the docs?
I don't think so, right?
r
it is
please search for it in the sessions section in common customisations
f
do I need this in my handler? ...
export default async function handler(req, res) {
  const userId = req.body;
  const email = await getUserEmailBySuperTokensId(userId);

  await superTokensNextWrapper(
    async (next) => {
      await verifySession()(req, res, next);
    },
    req,
    res
  );

  const currentAccessTokenPayload = req.session.getAccessTokenPayload();
the await superTokensNextWrapper... I guess so
r
yes
that is used to verify a session
so you need that in order to get the req.session object.
f
I have that elsewhere though in auth/[[...path]].js, doesn't matter right? That code can be used wherever needed I guess
r
huh?
you can use the verifySession function in any API
f
supertokens.init(backendConfig());

export default async function superTokens(req, res) {
  // NOTE: We need CORS only if we are querying the APIs from a different origin
  await NextCors(req, res, {
    methods: ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"],
    origin: process.env.NEXT_PUBLIC_HOST,
    credentials: true,
    allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
  });

  await superTokensNextWrapper(
    async (next) => {
      await middleware()(req, res, next);
    },
    req,
    res
  );
  if (!res.writableEnded) {
    res.status(404).send("Not found");
  }
}
that's my [[...path]].js file
r
The auth/[[...path]].js file should remain the same.. no need to change that
f
right, my bad, I see it's different logic
r
yup
f
thanks again
@rp_st I have another question regarding this thread, you available?
r
sure
go for it
f
ok, so is it possible to updateAccessTokenPayload() when overriding signInPOST()?
signInPOST: async function (input) {
                if (originalImplementation.signInPOST === undefined) {
                  throw Error("Shouldn't come here")
                }
                try {
                  const response = await originalImplementation.signInPOST(input)
                  if (response.status === "OK") {
                    const {id, email} = response.user
                  }
                }
              }
r
Yes
You can get the session from response.session
f
i'M SURE i DON'T HAVE TO VERIFYsESSION HERE, RIGHT?
sorry for caps
ah ok
r
and then do await response.session.updateAccessTokenPayload({..})
that's if response.status === "OK"
f
perfect
hmm, I'm getting this error ->
error - TypeError: Cannot read properties of undefined (reading 'status')
but if I refresh browser it goes through and I see what I need to see
signInPOST: async function (input) {
                if (originalImplementation.signInPOST === undefined) {
                  throw Error("Shouldn't come here");
                }
                try {
                  const response = await originalImplementation.signInPOST(
                    input
                  );
                  if (response.status === "OK") {
                    const { id, email } = response.user;
                    const stripeSellerId =
                      await getStripeSellerIdBySuperTokensId(id);
                    if (stripeSellerId) {
                      const currentAccessTokenPayload =
                        response.session.getAccessTokenPayload();
                      await response.session.updateAccessTokenPayload({
                        ...currentAccessTokenPayload,
                        stripeSellerId: stripeSellerId,
                      });
                    }
                  }
                } catch (err) {
                  serverLogger.error("/config/backendConfig: ", err.message);
                }
              },
r
"I refresh browser it goes through" -> huh? You mean call the API again?
f
My signin form shows an "email password" error. If I just refresh the browser leaving the same email/password in fields, it then goes through and I see the "stripeSellerId" I.
r
"email password" error -> what is this?
you mean invalid credentials error?
the code looks right.. maybe something else is happening with how you input the info. not sure
f
actually, a general error I guess
r
oh right yea.. ok
you need to return response from the override
f
oh duh
r
So right before the catch part, you need to do return response
f
awesome, thanks again
is it possible to use updateAccessTokenPayload() to store shopping cart data?
bad idea?
r
Well, depends on what you wanna store. There is a limit of 4kb on the size of cookies. And adding stuff in access token payload includes cookie size
f
ah ok
r
Also the content is accessible on the frontend.
So I would recommend putting it in ur db against the session handle or the user id
f
right, makes sense, thanks again