Skip to main content
important

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

Optional session verification should re-throw TRY_REFRESH_TOKEN errors

Status

This is just a proposal so far, it hasn't been accepted and needs further discussion.

Status:
proposed
Deciders:
rishabhpoddar, porcellus
Proposed by:
porcellus
Created:
2022-11-22

Context and Problem Statement#

verifySession depends on the value of rid and the method to decide if it should re-throw TRY_REFRESH_TOKEN errors coming from the token validation when the access token expired.

Related issue: https://github.com/supertokens/supertokens-node/issues/156

Considered Options#

  • Return undefined
  • Optional session verification should re-throw TRY_REFRESH_TOKEN errors

Decision Outcome#

Optional session verification should re-throw TRY_REFRESH_TOKEN errors. Reasons:

  • Easier to communicate
  • The rid header affecting if the TRY_REFRESH_TOKEN could be unexpected by users
  • The rid header would be missing in most cases when testing using Postman. It's confusing if that works different from making the same requests through the SDK.

We can ask users who want to use something like sendBeacon on the frontend which doesn't use our interceptors and want to ignore TRY_REFRESH_TOKEN errors on the backend, to create their own middleware which uses getSession and catches and ignores the TRY_REFRESH_TOKEN error.

Which frontend SDK do you use?
supertokens-web-js / mobile
supertokens-auth-react