Hello How can I validate authen with supertokens i...
# support-questions
r
Hello How can I validate authen with supertokens in gRPC in Go (Gin-gonic)? Thank you
r
hey! So supertokens sessions only works with http. For grpc, you can enable JWT with our sessions, extract the JWT on the frontend from the sessions, and pass that in the gRPC requests.
r
Okie, I will try it. Thank you ~~
r
feel free to ask more questions if you get stuck 🙂
r
Certainly ~~
hello @rp , can we retrieve the "Access token" from the requests manually?
Currently we have another services that need to validate their received request, we want to get the access token and send it to the auth service to validate it, how can we achieve it? Thank you
r
hey @Ren Lynro So this is backend to backend communication right?
r
Correct, we communicate through gRPC 😻
r
Okay. And do you have the session object in your APIs?
that you get from using VerifySession middleware
r
No the other services don't have the session, only the auth service got access to the supertokens
we intend to deploy using the same domain though
r
So when you say "we want to get the access token" -> which API is this from? Does that API recieve a JWT or a supertokens cookie access token?
r
It's the supertokens cookie access token
If i understand correctly, Supertokens will attach the access token to each api in need of authorize right?
r
Yes.
right. So then you do have access to the session object in that API which receives the cookie?
if you do have that, then you can do
session.GetAccessToken()
Or, are you talking about the JWT (since in our previous conversation, I had asked you to enable JWT feature)
r
I mean the other services don't get access to the supertokens service, only the auth service have the config and lib, so they can't use any helper from supertokens lib So I want to manually retrieve the session of supertokens
r
But the cookie are sent to those services?
I mean, the API which the frontend queries, does that get the supertokens' cookies? If yes, how do you verify those if you don't use our lib?
r
I intend to do something like this Did i misunderstand anything? @@
r
Alright yea! So the front to auth makes sense. The front to others is grpc?
r
Ah no, the other is restful as normal, just backend communication is gRPC
r
I see. So the front to other also makes sense. And it will be cookie based.
Now, to verify the session in other, you will have to use our golang lib and initialise the session recipe there
And then we have a middleware like VerifySession which you can use to verify the session from the cookies. That function does everything that’s required to check if a session is fine or not
Once that function runs successfully, it will attach a session object in the context which you can get in your API logic. Using that session object, you can get the JWT from it (as shown in the link above) and send that to other micro services which can go about doing normal JWT verification.
So for the “others” part, you may wanna check out our sessions only recipe setup: https://supertokens.com/docs/session/quick-setup/backend
Hope this clarifies things
r
so i need to init the super token for all the service in need of session verify, right?
r
Yes. Cookies based that is. So essentially all the services that the frontend talks to directly.
r
Okay, thank you ~~ 😻
r
👍
(Renamed this thread to be more appropriate)
23 Views