Jonas Alexanderson

01/24/2023, 10:44 AM
Hey everyone! How do I get information of a user based on the session token that I have? I would expect an endpoint like GET /{apiBasePath}/user where I put the session token in the Authorization header, but I cannot find such an endpoint in the documentation: https://app.swaggerhub.com/apis/supertokens/FDI/1.15.0

rp

01/24/2023, 10:45 AM
hey! There are a couple of ways
you can read the userId and the access token payload on the frontend without querying the backend. One frontend SDK has functions for these (search in our docs)
Or, you can make an API on the backend yourself which verifies the session and returns appropriate user info. We have docs for session verification on the backend + getting user info based on the user ID.
One more point is that our session is cookie based. So using the authorization header won't work

Jonas Alexanderson

01/24/2023, 10:56 AM
I really appreciate that sessions are cookie-based. That is the right way to do it. I have JWT enabled and I want my backend to be able to get user information based on the JWT. It needs to be JWT and in the header, because the backend is not hosted on the same url as Supertokens and therefore has no access to cookies

rp

01/24/2023, 11:21 AM
right. So then you can send the JWT as an authorization header to the other backend, have that backend verify the JWT and get the sub claim from it to get the user ID.
Then that backend can query the core directly to get info about the user. Or you could add the required info directly in the JWT claim and then have your backend read that.

Jonas Alexanderson

01/24/2023, 12:43 PM
Is it safe to put the user id in the claim? What do you think?
*secure

rp

01/24/2023, 12:43 PM
the claims should already have the user ID
it's the sub claim

Jonas Alexanderson

01/24/2023, 12:43 PM
Great 👍