RevolutionWhales

02/23/2023, 5:17 PM
Hey. Sorry for asking so many questions, all seems fine so I hope it is going to be the last one 😅 I am trying to enable JWT authentication. I enabled jwt on the server side like this:
recipeList: [
    jwt.init(),
    ThirdPartyEmailPassword.init({
      providers: [
        Github({
          clientId: envs.OAUTH_GITHUB_CLIENT_ID,
          clientSecret: envs.OAUTH_GITHUB_CLIENT_SECRET
        }),
      ]
    }),
    Session.init({
      jwt: {
        enable: true,
      },
      getTokenTransferMethod: () => 'header'
    }),
However, the token saved after "sign in with github" under the key "st-access-token" seems to be invalid:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0=.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.SJP9HmDXLDnl8HrnQveldwVlCYNblZCcL2XF5BBom5DLhR0FlceG/g9jT9f0XCXsrazBolaWvhyJ5NIBk5THz6q81gmN9yS6vjz1iEdLi1fLcfGlukr0bUeImhCE+jH9SbigNnk+SQCvv9VYnUXFf8iizX2cybgx8f7z+Y5vWWAjDp6tyEjal4ngrlxg6BmEFHZXdB8mX2f+0aPfEoBUKBds4VvgjXgYx0YohRryM6rFXFZ+zxS0cVMj3FWLeFLCHrxt5Ch2bRPx41itFUNUlBvo56TPH/gasUVv35Gk2KCX1RTWlQ1Pcmch72gDQ+dtn1if8jZ/Zepm+mfUQKWsuA==
The JWT is invalid, so I'm getting an error:
JsonWebTokenError: invalid token
Ok I've found additional docs: https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/with-jwt/read-jwt I was looking everywhere else probably 😅
but still, st-access-token should be a JWT, right? It seems not to be in my case
rp

02/23/2023, 8:39 PM
It's not a JWT, but it is a stateless cookie. We had intentionally made it this way cause people were using the st-access-token for third party service auth as well, which it's not meant for.
But then we got feedback really quickly (similar to yours) that that was not a good idea. So we are working on making it a JWT as well.
RevolutionWhales

02/24/2023, 7:30 AM
Oh ok, thank you for the answer! So basically, in the current way, you propose to authenticate, and after that to fetch a JWT token and use this token to authenticate with the third party service?
rp

02/24/2023, 7:34 AM
yes