Skip to main content

Enable JWTs with sessions

When to use this feature?#

When using SuperTokens our default session management solution will suffice for most use cases. You do not need to use JWTs unless you want to:

  • Integrate with services that rely on JWT based authentication (For example Hasura)
  • Integrate SuperTokens with a backend framework that we do not support yet

Enable JWT feature#

import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";

SuperTokens.init({
supertokens: {
connectionURI: "...",
},
appInfo: {
apiDomain: "...",
appName: "...",
websiteDomain: "..."
},
recipeList: [
Session.init({
jwt: {
enable: true,
},
})
]
});

Using a custom issuer#

By default SuperTokens uses your {apiDomain}/auth for the issuer URL. To change the path provide appInfo.apiBasePath when initialising SuperTokens.

In some cases you may need to provide a custom issuer, for example during development you may need to test with external services (like Hasura Cloud). Since the JWKS endpoint is exposed via your backend, JWT verification will fail because the service may not be able to query your local environment (localhost, 127.0.0.1). You can expose your local environment to the internet (using ngrok for example), and set a custom issuer URL instead:

import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";

SuperTokens.init({
supertokens: {
connectionURI: "...",
},
appInfo: {
apiDomain: "...",
appName: "...",
websiteDomain: "..."
},
recipeList: [
Session.init({
jwt: {
enable: true,
/*
* This is an example of a URL that ngrok generates when
* you expose localhost to the internet
*/
issuer: "https://0d53-2405-201-e-d8bd-587b-3674-124d-4208.ngrok.io/auth",
},
})
]
});
important

Custom issuer URLs must end with your apiBasePath, which is /auth by default