Hello hello We re using the node express sdk We ve been tryi SuperTokens.com #support-questions-legacy

Hello hello ! 😁 We're using the node-express sdk...

ulys8253

11/08/2022, 3:00 PM

Hello hello ! 😁 We're using the node-express sdk We've been trying to override the infamous

"try refresh token"

401 error message to no avail. (The one returned by

verifySession

when a token has expired) The

SessionInit.errorHandlers.onUnauthorized

override method doesn't seem to be called for this error. We've tried writing a custom

verifySession

middleware for this only purpose (sad) but can't seem to find a way to overwrite the error message. Could you point us in the right direction please ? 🥹

rp_st

11/08/2022, 3:02 PM

hey! You could write your own middleware using the

getSession

function as shown in this page: https://supertokens.com/docs/session/common-customizations/sessions/session-verification-in-api/get-session The

getSession

function throws an error in case of try refresh token or unauthorised which you can catch and send back a custom response to the frontend as you like.

rp_st

11/08/2022, 3:02 PM

whats the motivation behind changing the response though?

ulys8253

11/08/2022, 3:09 PM

For the sake of error standardization i'd say haha

rp_st

11/08/2022, 3:09 PM

Hmm ok fair

ulys8253

11/08/2022, 3:11 PM

So that's the only way we've found to override the message: to build a custom verifySession middleware using getSession as you said. Ill paste the code in case it can help someone in the future. It does seem to be a bit much only to change an error message, is that the only way ?

Copy code

const verifySession = (options?: VerifySessionOptions) => {
  return async (req: Request, res: Response, next: NextFunction) => {
    try {
      if (options?.sessionRequired === false) {
        (req as any).session = await Session.getSession(req, res, {
          antiCsrfCheck: options?.antiCsrfCheck,
          overrideGlobalClaimValidators: options?.overrideGlobalClaimValidators,
          sessionRequired: false,
        });
      } else {
        (req as any).session = await Session.getSession(req, res, {
          antiCsrfCheck: options?.antiCsrfCheck,
          overrideGlobalClaimValidators: options?.overrideGlobalClaimValidators,
          sessionRequired: true,
        });
      }
      next();
    } catch (err) {
      if (err.type === 'TRY_REFRESH_TOKEN') {
        return next(new Unauthorized(Errors.refresh_token));
      }
      errorHandler()(err, req, res, (err) => next(err));
    }
  };
};

rp_st

11/08/2022, 3:12 PM

Yeaa. At the moment, that’s the only way.

rp_st

11/08/2022, 3:13 PM

You can open an issue about it and we can introduce a callback that you can provide similar to the onUnauthirised one, but for ur refresh token

ulys8253

11/08/2022, 3:34 PM

That would be sweet, I'll try and open an issue later. Thanks rp !

6 Views

Previous Next