Hi. Is there any way to change expiration time of tokens depending on the way session created? Now user gets its session using

auth/signinup/code

, then sends otp (we use passwordless recipe)

auth/signinup/code/consume

which gives them tokens. This works fine, but now we want users of mobile app, which we are developing have tokens which will expire after a day, not after several hours as now. TIA.

Hi @kuzyaross At the moment thats not possible, out of curiosity though why would you need this?

Hi @nkshah2 Thank you for your answer. In addition to the fact that mobile app users shouldn't constantly re-enter using the app, we want to understand what session was issued from the mobile app to limit access to certain roles. For example, the mobile app cannot be used by an organization administrator (business logic) If auto refresh is done by the mobile SDK, the question arises Is it possible to define another path

auth/mobile/signup/code

that does the same thing as the default

auth/signup/code

, only I can limit the roles that can use this path?

You could send additional information in the request for mobile users and then set different roles for that user using the overrides feature in the backend SDKs

Oh, i see. How i can add business logic to auth/signup/code ?

Are you using NodeJS on the backend?

Django

Right im not too familiar with python syntax but I can help explain what you would want to do: On your backend you would want to override the

/signinup/code/consume

API (Refer to this for overrides https://supertokens.com/docs/passwordless/advanced-customizations/apis-override/usage). This API is responsible for signing up users after they enter the code In this API check if the request contains the custom header/body property that your mobile users would send. If it contains it, you can set different roles than the ones you normally would for this user

Thank you! It helps a lot🥰

Happy to help! Feel free to reach out if you face any issues setting this up