SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hi folks! Question if it's possible to extract / attach the proper session headers for a SuperTokens authenticated user to a non-axios / non-fetch request. I'm using a new module for multipart form uploads and would like to use the same security approach as other endpoints.

The axios interceptors are working great elsewhere throughout my frontend, but this new Vue component is being annoying and looks like it's using XmlHttpRequest under the hood.

As long as the cookies are sent, it should work (assuming the access token is not expired)

So maybe try setting credentials include header in the request

And if you do get a 401 from the response, you can manually refresh the session and retry the request

Manually refreshing can be done via Session.attemptRefreshingSession

Yeah, i'll just have to write some kind of shim so I can mutate the headers in this lib