Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Title
a
Axel Jönsson
12/05/2022, 12:16 PMHi guys! I've come across a pretty strange behavior. I'm using the SDK in a react native app.
In order to maintain the session state i routinely check "SuperTokens.doesSessionExist()" and with that answer go forward with an authorized/unauthorized user.
What i have discovered is that when the session expires, the method "doesSessionExist", still resolves true.
r
rp
12/05/2022, 12:17 PMhey @Axel Jönsson
a
Axel Jönsson
12/05/2022, 12:17 PMYo!
r
rp
12/05/2022, 12:17 PMwhen the session expires meaning that the access token has expired? or that the refresh token has expired too?
a
Axel Jönsson
12/05/2022, 12:23 PMno, its the access token. Because i can run the "attemptRefreshingSession()" method instead of "doesSessionExist()" as a work around
r
rp
12/05/2022, 12:27 PMright yea. So in this case, a session does exist. It's just that the access token has expired.
a session fails to exist when the refresh token was revoked or has expired.
a
Axel Jönsson
12/05/2022, 12:34 PMok that explains it actually, what is your recommendation if i just want a simple way to check if a session is valid?
Should i go for "getUserId()"? if it is an empty string the session is false? or something like that?
r
rp
12/05/2022, 12:36 PMnot really. You shouldn't have to worry about access token expiration. Just use the functions freely. Refreshing happens on its own
a
Axel Jönsson
12/05/2022, 12:38 PMhuh, that sparks a couple of questions. Refreshing happens on its own?
r
rp
12/05/2022, 12:38 PMyea. Are you using axios?
if so, you need to add our axios interceptors to your axios instance
and then it will do auto refresh when you make an API call
a
Axel Jönsson
12/05/2022, 12:39 PMooh, ok. No i have a simple fetch call right now. Was hoping to make use of your coming fix to intercept apollo requests
r
rp
12/05/2022, 12:40 PMfetch interception also should happen on its own
a
Axel Jönsson
12/05/2022, 12:40 PMhmm
r
rp
12/05/2022, 12:40 PMas long as you called session.init
a
Axel Jönsson
12/05/2022, 12:40 PMyep
wait, session.init?
r
rp
12/05/2022, 12:41 PMin the request that you make, what are all the headers that sent in the request?
> wait, session.init?
Oh sorry
just supertokens.init
a
Axel Jönsson
12/05/2022, 12:41 PMye
hehe
with a google login i send:
headers: {
'Content-Type': 'application/json',
rid: 'emailpassword',
},
r
rp
12/05/2022, 12:43 PMright. So interception is happening
oh wait no..
i mean can you show me the request headers for an API call to one of your APIs?
a
Axel Jönsson
12/05/2022, 12:43 PMyeah
r
rp
12/05/2022, 12:43 PMthat you call using fetch
post login
a
Axel Jönsson
12/05/2022, 12:48 PMr
rp
12/05/2022, 12:48 PMright. So interception is happening
now if the API returns 401, does it not call the refresh APi?
a
Axel Jönsson
12/05/2022, 12:50 PMno, i've tried it locally with an expiry timer on 1 min. And i have to manually call refresh in order to get it to do exactly that
r
rp
12/05/2022, 12:50 PMhmm. Does the API return a 401 if the access token has expired?
a
Axel Jönsson
12/05/2022, 12:50 PMcall "attemptRefreshing.."
hmm.. that i haven't tried actually
or checked rather
r
rp
12/05/2022, 12:51 PMso you should let the access token expire and then call an API that uses verifySession. That API should return a 401 which should trigger a refresh API call on its own
so you don't need to call "attemptRefreshing.."
a
Axel Jönsson
12/05/2022, 12:53 PMI have to check how it is done in the backend. It's not me who set that part up
r
rp
12/05/2022, 12:53 PMright. All you should see is that the API returns a 401 when access token has expired or is missing
a
Axel Jönsson
12/05/2022, 12:54 PMaight, give me a couple of mins
have to set things up locally
ok
so i did not get a 401 back
i only got an error from hasura, saying "code: access-denied"
so maybe it is the hasura middle layer interrupting me again
?
But i gues that that is good enough. "code: access-denied" is the translation of 401, so i can handle that error in the client side.
r
rp
12/05/2022, 1:40 PMyea. but it's better for the backend to send 401
you shouldn't have to handle refreshing on your frontend
a
Axel Jönsson
12/05/2022, 1:54 PMI fully agree but with the requests going through hasura i dont really see a better way for now.
But at least now i know how it works
So a huge thanks for the help today! I
You'll probably hear from me again sometime 🙂 Merry christmas!
r
rp
12/05/2022, 1:59 PMsounds good 🙂