Hey everyone! How do I get information of a user b...
# support-questions-legacyj
jonasalexanderson
01/24/2023, 10:44 AMHey everyone! How do I get information of a user based on the session token that I have? I would expect an endpoint like
GET /{apiBasePath}/userAuthorizationr
rp_st
01/24/2023, 10:45 AMhey! There are a couple of ways
rp_st
01/24/2023, 10:46 AMyou can read the userId and the access token payload on the frontend without querying the backend. One frontend SDK has functions for these (search in our docs)
rp_st
01/24/2023, 10:47 AMOr, you can make an API on the backend yourself which verifies the session and returns appropriate user info.
We have docs for session verification on the backend + getting user info based on the user ID.
rp_st
01/24/2023, 10:47 AMOne more point is that our session is cookie based. So using the authorization header won't work
j
jonasalexanderson
01/24/2023, 10:56 AMI really appreciate that sessions are cookie-based. That is the right way to do it. I have JWT enabled and I want my backend to be able to get user information based on the JWT. It needs to be JWT and in the header, because the backend is not hosted on the same url as Supertokens and therefore has no access to cookies
r
rp_st
01/24/2023, 11:21 AMright. So then you can send the JWT as an authorization header to the other backend, have that backend verify the JWT and get the
subrp_st
01/24/2023, 11:22 AMThen that backend can query the core directly to get info about the user.
Or you could add the required info directly in the JWT claim and then have your backend read that.
j
jonasalexanderson
01/24/2023, 12:43 PMIs it safe to put the user id in the claim? What do you think?
jonasalexanderson
01/24/2023, 12:43 PM*secure
r
rp_st
01/24/2023, 12:43 PMthe claims should already have the user ID
rp_st
01/24/2023, 12:43 PMit's the
subj
jonasalexanderson
01/24/2023, 12:43 PMGreat 👍
5 Views