https://supertokens.com/ logo
Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Powered by
Title
r

RevolutionWhales

02/23/2023, 5:17 PM
Hey. Sorry for asking so much questions, all seems fine so I hope It is going to be last one ๐Ÿ˜… I am trying to enable JWT authentication. I enabled jwt on sever-side like that:
recipeList: [
    jwt.init(),
    ThirdPartyEmailPassword.init({
      providers: [
        Github({
          clientId: envs.OAUTH_GITHUB_CLIENT_ID,
          clientSecret: envs.OAUTH_GITHUB_CLIENT_SECRET
        }),
      ]
    }),
    Session.init({
      jwt: {
        enable: true,
      },
      getTokenTransferMethod: () => 'header'
    }),
However, token saved after "sign in with github" under the key "st-access-token" seems to be invalid
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0=.eyJzZXNzaW9uSGFuZGxlIjoiNmM5MGRjMDAtYjg5YS00NjE4LWJhNDYtNWQ3Y2I3ZWE3OTZkIiwidXNlcklkIjoiOTdlYWUwMWUtNzViMC00M2E1LTlhYmEtZWIxNjY1MGJlNTdhIiwicmVmcmVzaFRva2VuSGFzaDEiOiJlYzRkMjM2ZWJlYjZlMDA3YzYxMjA3MTZlMzhhMzkxNjBmM2E5ZDYxMjdiMzk5MmY2OTI0M2Q3ZjQxMDBkNDk2IiwicGFyZW50UmVmcmVzaFRva2VuSGFzaDEiOm51bGwsInVzZXJEYXRhIjp7Imp3dCI6ImV5SnJhV1FpT2lJeFl6STVaams1T1Mxa01HUmpMVFJqTkdVdFlqRTFaaTB6TlRZeU5qYzRNVFptWlRZaUxDSjBlWEFpT2lKS1YxUWlMQ0poYkdjaU9pSlNVekkxTmlKOS5leUp6ZFdJaU9pSTVOMlZoWlRBeFpTMDNOV0l3TFRRellUVXRPV0ZpWVMxbFlqRTJOalV3WW1VMU4yRWlMQ0pwYzNNaU9pSm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qUXdNREF2WVhCcEwyRjFkR2dpTENKbGVIQWlPakUyTnpjeE56WXhOREFzSW1saGRDSTZNVFkzTnpFM01qVXdPWDAuVGZxbEtVaUI5cWxBSDU0aENpYW5BVGlxM2lLV09JYjVtdi1TckU3dHJVRzNuQUNxWDg1V2FXR2hENDBEUnlWb2hmTzdNXzhSRGxYUFRXMWZwcnNlRS1YemJXZmhpUlZ1dmc3WTk3UlpwZEdYbFFDRFp6VXlvSmVyZnZEVVJrVkZrbnVDT1ppUDVwUmlCeFBiYUpNVWVqNElYaEtwRVpnZnRmY3hvcUxTN3Z3RVlfZ1hrUUZpWTlVSUpsMGVBV2ZvcXBEVnpwS0dRWDByQnRfSk9oMnlxZTlDYUk4ZFRsU2phdEZLTXpjX01ROVRSRFdQYnNrbHNuOXRHbEh5bWp6dEZHbEMxOUhnUWtlR0dJczVyNkNXRXJRZ2hxcUd4M2tPTlZUbWxSbGFXcGlPOEx3QUFmbkd4VDhGLVFFWWpiTlFyS1g2VFkxU0dhYldKWWxQTUFsbGJBIiwiX2p3dFBOYW1lIjoiand0In0sImFudGlDc3JmVG9rZW4iOm51bGwsImV4cGlyeVRpbWUiOjE2NzcxNzYxMDkwNTcsInRpbWVDcmVhdGVkIjoxNjc3MTcyNTA5MDU3LCJsbXJ0IjoxNjc3MTcyNTA5MDU3fQ==.SJP9HmDXLDnl8HrnQveldwVlCYNblZCcL2XF5BBom5DLhR0FlceG/g9jT9f0XCXsrazBolaWvhyJ5NIBk5THz6q81gmN9yS6vjz1iEdLi1fLcfGlukr0bUeImhCE+jH9SbigNnk+SQCvv9VYnUXFf8iizX2cybgx8f7z+Y5vWWAjDp6tyEjal4ngrlxg6BmEFHZXdB8mX2f+0aPfEoBUKBds4VvgjXgYx0YohRryM6rFXFZ+zxS0cVMj3FWLeFLCHrxt5Ch2bRPx41itFUNUlBvo56TPH/gasUVv35Gk2KCX1RTWlQ1Pcmch72gDQ+dtn1if8jZ/Zepm+mfUQKWsuA==
JWT is invalid so I'm getting error: 
JsonWebTokenError: invalid token
Ok I've found additional docs: https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/with-jwt/read-jwt I was looking everywhere else probably ๐Ÿ˜…
but still, 
st-access-token
should be a JWT, right? It seems not to be in my case
r

rp

02/23/2023, 8:39 PM
Itโ€™s not a JWT, but it is a stateless cookie. We had intentionally made it this way cause people were using the st-access-token for third party service auth as well, which itโ€™s not meant for.
But then we got feedback really quickly (similar to yours) that that was not a good idea. So we are working on making it a JWT as well.
r

RevolutionWhales

02/24/2023, 7:30 AM
Oh ok, thank you for answer! So basically in current way you propose to authenticate, and after it to fetch JWT token and use this token to authenticate third party service?
r

rp

02/24/2023, 7:34 AM
yes
#support-questionsJoin Discord
Powered by