https://supertokens.com/ logo
Join Discord
Powered by
Hello! I have an app whose backend is written in ...
# support-questions-legacy
i
Hello! I have an app whose backend is written in Kotlin. If possible, I wouldn't like to have a different language there. Is there any possibility to interact with Supertokens hosted solution? Any plans to release a Java SDK? Thanks!
r
hey @iruizmar
A backend Java SDK is probably going to take a while. Until then, your best bet is to start another process in nodejs / golang / python which integrates with our backend SDKs and acts as the auth service
You can directly call the core APIs from your backend, but it will require you to make those APIs in your java backend - which can take a while
i
Hey @rp_st , thanks for that! That sounds reasonable. So the auth service will generate the tokens and then I can validate those on the Kotlin service to protect the routes? Is there any doc on how to achieve that (specially the second part)?.
r
There isn't specific docs for it yet, but once you call the core's sign in API, it will tell you if the credentials were correct or not. If they are correct, you can then call the core's JWT APIs to create a JWT and then send that to the frontend. Verification of the JWT would be standard.
i
Ok, I will try that, thanks 🙂
Hey mate @rp_st , sorry to disturb. How am I supposed to return the JWT to the frontend? Is it necessary to create a custom endpoint to return it? I can't see any function on the frontend SDKs for that.
r
Once you call the sign in core API from your backend, you need to call the JWT creation API to the core as well. That will return a JWT to your backend. Then the backend can send the JWT however it likes on the frontend. Are you using our frontend SDK? If yes, which one?
i
Well, the frontend is written using Kotlin Multiplatform, so I thin I will just attack the API directly.
r
right. In that case, you should can pass the JWT to the frontend hjowever you like
since it's your own API on the Kotlin side anyway
i
Yeah. So auth service (using NestJs) attacks core API to get a session, then generates a JWT and send it back to the client. All this done on a custom endpoint because there isn't any exposed automatically to do this, right?
r
oh wait, you're using nestjs backend?
We have an SDK for node js
i
I'm using nestjs just for the auth service, everything else is Kotlin.
r
i see. In that case, the APIs for sign in etc.. are exposed by the nestjs service via our backend SDK
i
I thought that was your suggestion initially, haha.
Yes, but there isn't any to retrieve the JWT, is it?
r
and that will essentially add a JWT to the access token payload of the session which can be read on the frontend
and then passed to the kotlin backend
i
Is the JWT added as a cookie or how? This is what I'm getting using the OTP endpoint.
r
yea so it's in the front-token header value. See this page: https://supertokens.com/docs/passwordless/custom-ui/handling-session-tokens, and scroll to the "If not using our frontend SDK" section
you can essentially decode the front-token and get the access token paylaod from it, which will contain the JWT
i
Awesome!!
Thanks for that 🙂 And for the super fast reply.
r
happy to help!
when you say kotlin frontend, do you mean android frontend? Or something else?
or is it a kotlin server just serving plain html / css?
i
UI is done on native Android and native iOS and web, but the domain and network logic of the three apps is shared using Kotlin Multiplatform: https://kotlinlang.org/docs/multiplatform.html
That's why I would need a "pure" Kotlin SDK, and I'm not using Android's one.
r
ohh. interesting. I see.
Cool! If you have any more questions, please feel free to ask
i
Sure, mate, thanks a lot.
3 Views
PreviousNext
Powered by