n1ru4l
11/04/2022, 9:13 AMSessionError: INVALID_CLAIMS
is coming from - I get this after logging in with email + password.
The stack trace is not that helpful
SessionError: INVALID_CLAIMS
at Session.<anonymous> (/app/node_modules/supertokens-node/lib/build/recipe/session/sessionClass.js:146:27)
at Generator.next (<anonymous>)
at fulfilled (/app/node_modules/supertokens-node/lib/build/recipe/session/sessionClass.js:15:36)
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
type: 'INVALID_CLAIMS',
payload: [ [Object] ],
errMagic: 'ndskajfasndlfkj435234krjdsa',
fromRecipe: 'session'
}
On a site note - is there any plans for removing the async -> generator transform? Async functions are supported since a long time now and covered by all LTS versions https://node.green/#ES2017-features-async-functionsrp_st
11/04/2022, 9:14 AMpayload
?rp_st
11/04/2022, 9:14 AMn1ru4l
11/04/2022, 9:19 AMn1ru4l
11/04/2022, 9:19 AMrp_st
11/04/2022, 9:20 AMn1ru4l
11/04/2022, 9:24 AMrp_st
11/04/2022, 9:25 AMn1ru4l
11/04/2022, 9:25 AMrp_st
11/04/2022, 9:25 AMn1ru4l
11/04/2022, 10:37 AM[debug] SessionError [{"id":"st-ev","reason":{"message":"wrong value","expectedValue":true,"actualValue":false}}]
n1ru4l
11/04/2022, 10:38 AM{"id":"st-ev","reason":{"message":"wrong value","expectedValue":true,"actualValue":false}}
is the payloadrp_st
11/04/2022, 10:38 AMrp_st
11/04/2022, 10:38 AMn1ru4l
11/04/2022, 10:41 AMn1ru4l
11/04/2022, 10:41 AMconst { backendConfig } = await import('@/config/supertokens/backend');
const SupertokensNode = await import('supertokens-node');
const Session = await import('supertokens-node/recipe/session');
SupertokensNode.init(backendConfig());
let session: SessionContainerInterface | undefined;
try {
console.log('[debug] before Session.getSession');
session = await Session.getSession(context.req, context.res, { sessionRequired: false });
console.log('[debug] after Session.getSession');
} catch (e) {
console.log('[debug] oh no it throws');
if ('payload' in (e as any)) {
console.log('[debug] SessionError', JSON.stringify((e as any).payload));
}
throw e;
}
n1ru4l
11/04/2022, 10:45 AMrp_st
11/04/2022, 10:47 AMrp_st
11/04/2022, 10:47 AMn1ru4l
11/04/2022, 10:48 AMn1ru4l
11/04/2022, 10:48 AMn1ru4l
11/04/2022, 10:49 AMrp_st
11/04/2022, 10:49 AMrp_st
11/04/2022, 10:49 AMn1ru4l
11/04/2022, 10:49 AMrp_st
11/04/2022, 10:49 AMrp_st
11/04/2022, 10:50 AMn1ru4l
11/04/2022, 10:50 AMrp_st
11/04/2022, 10:50 AMrp_st
11/04/2022, 10:50 AMn1ru4l
11/04/2022, 10:50 AMrp_st
11/04/2022, 10:51 AMrp_st
11/04/2022, 10:51 AMn1ru4l
11/04/2022, 10:57 AMn1ru4l
11/04/2022, 10:57 AMrp_st
11/04/2022, 10:59 AMrp_st
11/04/2022, 11:00 AM[ [Object] ]
which is why it was hard to decipher. But we can add some more info to it to make it easiern1ru4l
11/04/2022, 11:02 AM"supertokens-auth-react": "0.27.1",
"supertokens-node": "12.0.5",
"supertokens-js-override": "0.0.4",
"supertokens-website": "14.0.2",
so these are definetly the latest version 🤔
I guess the issue here is that we are doing the validation before anything happens on the frontend - within the server side props handler - thus - we should catch this case there and in that case redirect to the confirm email form?rp_st
11/04/2022, 11:03 AMn1ru4l
11/04/2022, 11:03 AMn1ru4l
11/04/2022, 11:03 AMn1ru4l
11/04/2022, 11:04 AMn1ru4l
11/04/2022, 11:04 AMn1ru4l
11/04/2022, 11:05 AM/**
* Utility for protecting a server side props function with session handling.
* Redirects user to the login page in case there is no session.
*/
export function withSessionProtection(handlerFn: GetServerSideProps = defaultHandler) {
const getServerSideProps: GetServerSideProps = async context => {
const result = await serverSidePropsSessionHandling(context);
if (result) {
return result;
}
return handlerFn(context);
};
return getServerSideProps;
}
rp_st
11/04/2022, 11:05 AMrp_st
11/04/2022, 11:05 AMrp_st
11/04/2022, 11:06 AMelse if (err.type === Session.Error.UNAUTHORISED || err.type === Session.Error.INVALID_CLAIMS) {
linerp_st
11/04/2022, 11:06 AMn1ru4l
11/04/2022, 11:06 AMerr.type === Session.Error.INVALID_CLAIMS)
always mean email verification missing?rp_st
11/04/2022, 11:06 AMrp_st
11/04/2022, 11:07 AMrp_st
11/04/2022, 11:07 AMn1ru4l
11/04/2022, 11:07 AMrp_st
11/04/2022, 11:07 AMid
st-ev
it's cause of email verification failure.rp_st
11/04/2022, 11:08 AMrp_st
11/04/2022, 11:08 AMn1ru4l
11/04/2022, 11:09 AMrp_st
11/04/2022, 11:09 AMrp_st
11/04/2022, 11:09 AMn1ru4l
11/04/2022, 11:09 AMrp_st
11/04/2022, 11:10 AMn1ru4l
11/04/2022, 11:10 AMn1ru4l
11/04/2022, 11:10 AMrp_st
11/04/2022, 11:10 AMn1ru4l
11/04/2022, 11:10 AMreturn {
appInfo: appInfo(),
recipeList: [
ThirdPartyEmailPasswordReact.init({
signInAndUpFeature: {
providers,
},
override: env.auth.organizationOIDC ? getOIDCOverrides() : undefined,
}),
EmailVerification.init({
mode: env.auth.requireEmailVerification ? 'REQUIRED' : 'OPTIONAL',
}),
SessionReact.init(),
],
};
n1ru4l
11/04/2022, 11:10 AMn1ru4l
11/04/2022, 11:10 AMrp_st
11/04/2022, 11:11 AMrp_st
11/04/2022, 11:12 AMrp_st
11/04/2022, 11:12 AMrp_st
11/04/2022, 11:13 AMrp_st
11/04/2022, 11:13 AMn1ru4l
11/04/2022, 11:13 AMrp_st
11/04/2022, 11:13 AMrp_st
11/04/2022, 11:14 AMn1ru4l
11/04/2022, 11:14 AMrp_st
11/04/2022, 11:14 AMn1ru4l
11/04/2022, 11:15 AMrp_st
11/04/2022, 11:16 AMawait Session.getSession(context.req, context.res, {
overrideGlobalClaimValidators: () => {
return []
}
})
n1ru4l
11/04/2022, 11:17 AMn1ru4l
11/04/2022, 11:18 AMrp_st
11/04/2022, 11:18 AMrp_st
11/04/2022, 11:19 AMrp_st
11/04/2022, 11:19 AM