Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Title
n
n1ru4l
11/04/2022, 9:13 AMAnyone having an idea where a
SessionError: INVALID_CLAIMSSessionError: INVALID_CLAIMS
at Session.<anonymous> (/app/node_modules/supertokens-node/lib/build/recipe/session/sessionClass.js:146:27)
at Generator.next (<anonymous>)
at fulfilled (/app/node_modules/supertokens-node/lib/build/recipe/session/sessionClass.js:15:36)
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
type: 'INVALID_CLAIMS',
payload: [ [Object] ],
errMagic: 'ndskajfasndlfkj435234krjdsa',
fromRecipe: 'session'
}r
rp
11/04/2022, 9:14 AMhey @n1ru4l can you print out the value of the
payload> On a site note - is there any plans for removing the async -> generator transform?
Could you please open an issue about this on our github? We will have a look
n
n1ru4l
11/04/2022, 9:19 AMlet me see how i can print the payload - it is from staging logs 😄
r
rp
11/04/2022, 9:20 AMthanks.
n
n1ru4l
11/04/2022, 9:24 AMIs the payload safe to be JSON.stringified?
r
rp
11/04/2022, 9:25 AMyes. It is
n
n1ru4l
11/04/2022, 9:25 AMokay deploying soon -i will let you know
r
rp
11/04/2022, 9:25 AMthanks
n
n1ru4l
11/04/2022, 10:37 AM[debug] SessionError [{"id":"st-ev","reason":{"message":"wrong value","expectedValue":true,"actualValue":false}}]{"id":"st-ev","reason":{"message":"wrong value","expectedValue":true,"actualValue":false}}r
rp
11/04/2022, 10:38 AMI see.
Have you initilaised email verification recipe on the backend but not on the frontend?
n
n1ru4l
11/04/2022, 10:41 AMit should be initialised for sure, it happens in the code before
const { backendConfig } = await import('@/config/supertokens/backend');
const SupertokensNode = await import('supertokens-node');
const Session = await import('supertokens-node/recipe/session');
SupertokensNode.init(backendConfig());
let session: SessionContainerInterface | undefined;
try {
console.log('[debug] before Session.getSession');
session = await Session.getSession(context.req, context.res, { sessionRequired: false });
console.log('[debug] after Session.getSession');
} catch (e) {
console.log('[debug] oh no it throws');
if ('payload' in (e as any)) {
console.log('[debug] SessionError', JSON.stringify((e as any).payload));
}
throw e;
}oh wait... I misread your question...
r
rp
11/04/2022, 10:47 AMbasically this is happening cause the user's email is not verified, and on the backend, you have done emailverification.init -> which essentially requires that the user's email is verified for session verification to succeed.
If you want to change that, either remove emailverification.init on the backend, or implement an email verification flow on the frontend, or set the emailverfiication on the backend to be in optional mode.
Details of this can be found in our docs in the email verification section.
n
n1ru4l
11/04/2022, 10:48 AMno it is required on both
ahhh i see
previously this was only verified on the frontend - i remember that i had a question related to this
r
rp
11/04/2022, 10:49 AMyeaaa. So that changed in the new releases.
if you are using our pre built UI on the frontend, then post sign up, the frontend SDK should redirect you to the email verification page.
If you are not using our pre built UI, you will have to make that flow.
n
n1ru4l
11/04/2022, 10:49 AMokay so I kind of have to change my implementation to redirect to the verify email screen in that case
r
rp
11/04/2022, 10:49 AMyes.
post sign up
n
n1ru4l
11/04/2022, 10:50 AMwe use the prebuilt ui
r
rp
11/04/2022, 10:50 AMoh.. the pre built UI should redirect post sign up on its own
have you updated to the newer version of the frontend SDK?
n
n1ru4l
11/04/2022, 10:50 AMi think we have some custom logic for redirecting to the latest visited url instead
r
rp
11/04/2022, 10:51 AMHmm. That's in the getRedirectionUrl function?
cause that function is only called after the email verification is done - in case email verification is required (which it is in this case)
n
n1ru4l
11/04/2022, 10:57 AMtrying to reproduce this issue locally now..
my first feedback thought: this error shouldn't be that cryptic
r
rp
11/04/2022, 10:59 AMfair enough.
the payload was printed out as
[ [Object] ]n
n1ru4l
11/04/2022, 11:02 AM"supertokens-auth-react": "0.27.1",
"supertokens-node": "12.0.5",
"supertokens-js-override": "0.0.4",
"supertokens-website": "14.0.2",r
rp
11/04/2022, 11:03 AMIs the server side getSession running on all pages? Even the email verification page?
n
n1ru4l
11/04/2022, 11:03 AMit runs on /
and after login i am kind of redirected there
or if i am already logged in and just visiting that page
so in any case i wanna catch this and redirect to the form i guess
we have some helper function:
/**
* Utility for protecting a server side props function with session handling.
* Redirects user to the login page in case there is no session.
*/
export function withSessionProtection(handlerFn: GetServerSideProps = defaultHandler) {
const getServerSideProps: GetServerSideProps = async context => {
const result = await serverSidePropsSessionHandling(context);
if (result) {
return result;
}
return handlerFn(context);
};
return getServerSideProps;
}r
rp
11/04/2022, 11:05 AMYea. You should do that.
If you see this link: https://supertokens.com/docs/thirdpartyemailpassword/nextjs/session-verification/in-ssr
it has the
else if (err.type === Session.Error.UNAUTHORISED || err.type === Session.Error.INVALID_CLAIMS) {so in case it's INVALID_CLAIMS, you can send a response to the frontend that indicates you need to redirect to the email verification page
n
n1ru4l
11/04/2022, 11:06 AMi see - does
err.type === Session.Error.INVALID_CLAIMS)r
rp
11/04/2022, 11:06 AMdepends on the claims you have added.
For examlpe, the user roles adds its claims too
thats where the payload comes into the picture
n
n1ru4l
11/04/2022, 11:07 AMand what was the url of the email page 😅
r
rp
11/04/2022, 11:07 AMif the payload array contains an object with the
idst-evthat being said, you should not have run into this issue at all - post sign in, the SDK should have redirected you to the email verification page
why is that not happening?
n
n1ru4l
11/04/2022, 11:09 AMapparently it does not 😅 and i cannot see anything fishy tbh
r
rp
11/04/2022, 11:09 AMhmm. That's really strange.
I'll investigate
n
n1ru4l
11/04/2022, 11:09 AMit should be on the frontend config, right?
r
rp
11/04/2022, 11:10 AMemailverification.init?
n
n1ru4l
11/04/2022, 11:10 AMdont wanna let you search for sth that i might have broken in user code
😄
r
rp
11/04/2022, 11:10 AMYea, you need to add that to the frontend config's recipeList
n
n1ru4l
11/04/2022, 11:10 AMreturn {
appInfo: appInfo(),
recipeList: [
ThirdPartyEmailPasswordReact.init({
signInAndUpFeature: {
providers,
},
override: env.auth.organizationOIDC ? getOIDCOverrides() : undefined,
}),
EmailVerification.init({
mode: env.auth.requireEmailVerification ? 'REQUIRED' : 'OPTIONAL',
}),
SessionReact.init(),
],
};mode is definetly set to required
r
rp
11/04/2022, 11:11 AMhmm.
let me check
Oh i think that's intentional from our side - my bad
We only do redirection post sign up
but in your case the getServerSideProps runs before
n
n1ru4l
11/04/2022, 11:13 AMyeah so the solution you proposed with the redirect makes sense
r
rp
11/04/2022, 11:13 AMOne simple solution to this would be to simply make the getSession function not check for claims at all in the getServerSideProps function
and then it will pass, and the SessionAuth on ther frontend will detect the failed claim and redirect on its own
n
n1ru4l
11/04/2022, 11:14 AMI think the redirect approach is just fine tbh
r
rp
11/04/2022, 11:14 AMAlright
n
n1ru4l
11/04/2022, 11:15 AMit makes sense - the session is not valid unless the email is verified
r
rp
11/04/2022, 11:16 AMbut regardless (in case you change your mind), the way you can do the other thing is to call getSession like this:
await Session.getSession(context.req, context.res, {
overrideGlobalClaimValidators: () => {
return []
}
})n
n1ru4l
11/04/2022, 11:17 AMIn that I case I think it is kind of more elegant to already start the redirect on the backend - compared to doing it on the frontend
Thanks again 🙂
r
rp
11/04/2022, 11:18 AMfair enough 🙂
also keep in mind that this is an edge case - this situation will only happen if a user signed up and didn't do email verification and then tries to sign in again after
or if you change the config of email verification mode over time from REQUIRED to OPTIONAL and then back