# support-questions-legacy
l
I am working on a frontend app talking to a supertokens backend, and implementing OTP login with phone works like a charm. I wanted to read the JWT in the client, so I had to add the session recipe to the backend and also call session.init in my client; this also worked like a charm and I was able to read the JWT. However, when I do not log in using phone and OTP, I still want to have a JWT session for anonymous users, but the Session.getUserId() returns false. Is there anything more to it for session based authentication other than just having Session.Init() in the recipes array in the client and also in the backend? BTW: just wanted to shout out that other than this, using supertokens has been so smooth.
```javascript
SuperTokens.init({
  appInfo: {
    apiDomain: import.meta.env.VITE_PAYMENTS_GW_URL,
    apiBasePath: "/auth",
    appName: "payments",
  },
  recipeList: [Session.init(), Passwordless.init()],
});
```
RecipeList in the backend init
```go
RecipeList: []st.Recipe{
    passwordless.Init(plessmodels.TypeInput{
        FlowType: "USER_INPUT_CODE",
        ContactMethodPhone: plessmodels.ContactMethodPhoneConfig{
            Enabled: true,
        },
    }),
    session.Init(&sessmodels.TypeInput{
        Jwt: &sessmodels.JWTInputConfig{
            Enable: true,
        },
    }), // initializes session features
},
```
And here is the function that I use to extract the JWT (which btw works when I have authenticated using the passwordless OTP approach)
```javascript
const getSupertokensJwt = async () => {
  if (await Session.doesSessionExist()) {
    let userId = await Session.getUserId();
    let accessToken = await Session.getAccessTokenPayloadSecurely();
    return accessToken.jwt;
  }
};
```
Is there something missing about the userId variable there, since it is fetched but never used in the code snippet provided by you guys?
r
hey @listmalarinn for anonymous sessions, we would recommend that you use our JWT recipe on the backend to create a new JWT and attach it to cookies. This would be a completely different session management system than using our session recipe - so you would need to handle how the token is generated, saved, modified, and how the info is transferred to a logged in session (if applicable). Thanks for the kind words of appreciation 🙂
l
I would need to access the JWT in the JS code (not only cookie) since I am going to need it to make a call to another service (we are going to use the ST tokens to control access to other resources in our system). Is that possible using the JWT (microservices) recipe?
r
Yea it is
the JWT recipe returns the JWT string to you. So you can transfer it to the frontend however you like
note that you need to do this only for anonymous sessions
for logged in sessions, we issue a JWT and manage its refreshing for you on our own
In theory, you could create anonymous sessions using our session recipe as well using the session.createNewSession function and pass it any random UUID. The problem is that this saves stuff in the db
and if you have MANY website visitors, you will be creating many entries in the DB.
l
Ok thanks for the quick reply, I will look into the JWT recipe and then be in touch if I encounter any more bumps 🙂
Just one more thing really quick, the docs clearly need to be reviewed since they state that for session recipe you can access the JWT like I was trying to do.
r
That should work though
Can you send over the value of sAccessToken?
and also the value of sFrontToken
(post login)
l
There is no sAccessToken nor sFrontToken set when I just use the session.Init, that is the problem.
r
right. You need to create a new session for that. The docs assume that the creation happens via a sign in / sign up call. But if you want to create a session yourself, you can use https://supertokens.com/docs/session/common-customizations/sessions/new-session
l
So I can use this and skip using the microservices JWT recipe?
r
yea. The only downside is that it will add the session info to the db
so if you have many anonymous users, they will keep on adding to your db unnecessarily.
l
ah right, that was something you mentioned before.. forgot after 1 hour away for lunch 🙂
ok thank you so much for your help, really appreciate it.