Channels
#support-questions
Title
v
veritas
07/09/2022, 6:43 AMHi there! I'm trying to integrate SuperTokens with my Python API but it looks like there are some incompatibilities with other libs (Django 4.0.3). Is the cookie spec documented somewhere so I can verify it myself without using the SDK?
r
rp
07/09/2022, 6:46 AMHey @veritas we don't have the cookie spec documented anywhere as such. But you can checkout this function to see how the validation works: https://github.com/supertokens/supertokens-python/blob/master/supertokens_python/recipe/session/session_functions.py#L74
On the other hand, we can probably sort of the dependency issue if you show me the error.
Or rather create an issue about the dependency error on our github
v
veritas
07/09/2022, 6:59 AMThanks, opened an issue: https://github.com/supertokens/supertokens-python/issues/207
More generally, I'd really encourage documenting the cookie spec. I'm fine with adopting a 3rd-party tool for auth on the frontend but I need to be confident that I can authenticate with any of my services even if you don't have an SDK for them.
r
rp
07/09/2022, 7:00 AMFair enough!
When you say spec, you mean pseduo code for how to go about verifying the access token yourself manually. Right?
v
veritas
07/09/2022, 7:19 AMYeah, that would be ideal. The base case is comparing to JWTs which are very well-documented, despite their security flaws.
Another issue: I'm trying to fetch the JWKS (https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/with-jwt/get-public-key#1-call-the-jwks-endpoint-for-supertokens-core) but get a 401 error. There's no explanation of what auth I need to provide.
r
rp
07/09/2022, 7:48 AMYou need to provide the api-key header for the core
2 Views