access token payload property is omitted when value is 'null'

🐛 Bug Report

I noticed that when I decode the access token payload a null value property is actually omitted. I expected it to keep the value null within the payload.

At the same time within the sessionData the null value exists in the payload (within the database).

const SuperTokenAccessTokenModel = zod.object({
  version: zod.literal('1'),
  superTokensUserId: zod.string(),
  /**
   * Supertokens for some reason omits externalUserId from the access token payload if it is null.
   */
  externalUserId: zod.optional(zod.union([zod.string(), zod.null()])),
  email: zod.string(),
});

Useful information

SessionNode.init({
  override: {
    functions: originalImplementation => {
      return {
        ...originalImplementation,
        createNewSession: async function (input) {
          const user = await ThirdPartyEmailPasswordNode.getUserById(input.userId);

          if (!user) {
            throw new Error(
              `SuperTokens: Creating a new session failed. Could not find user with id ${input.userId}.`
            );
          }

          const externalUserId = user.thirdParty ? `${user.thirdParty.id}|${user.thirdParty.userId}` : null;

          input.accessTokenPayload = {
            version: '1',
            superTokensUserId: input.userId,
            externalUserId, // This is potentially null
            email: user.email,
          };

          input.sessionData = {
            version: '1',
            superTokensUserId: input.userId,
            externalUserId,
            email: user.email,
          };

          return originalImplementation.createNewSession(input);
        },
      };
    },
  },
})

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 5 (5 by maintainers)

Top GitHub Comments

1 reaction
rishabhpoddar commented, Sep 2, 2022

This should be fixed in version >= 3.16.2.

If you are using docker, then the tag is 3.16.

0 reactions
rishabhpoddar commented, Sep 2, 2022

That being said, you can continue to use updateAccessTokenPayload (though eventually that function will be removed) and we are also planning to add an argument to mergeIntoAccessTokenPayload which would allow you to add top level nulls. So it should all just work fine.
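
A consumer-side way to handle the behaviour reported in this issue, as an added example that is not part of the original thread and not SuperTokens code: validate the decoded payload and normalize a missing externalUserId to null, so code reading the claim sees the same value whether the null was kept or dropped. The three-part base64url token layout, the sample values and the function names are assumptions made for the example.

```javascript
// Added example, not SuperTokens code. Claim names follow the schema in the issue.

// Decode the payload segment of a three-part, base64url-encoded token.
// Assumption: the session library has already verified the signature.
function decodePayloadSegment(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Validate the claims and map "absent" and null to the same value, so callers
// never branch on whether the null was kept or dropped on the way in.
function parseAccessTokenPayload(raw) {
  if (raw === null || typeof raw !== 'object' || Array.isArray(raw)) {
    throw new TypeError('payload must be a JSON object');
  }
  if (raw.version !== '1') throw new TypeError('unsupported payload version');
  for (const key of ['superTokensUserId', 'email']) {
    if (typeof raw[key] !== 'string') {
      throw new TypeError(`claim ${key} must be a string`);
    }
  }
  // Own-property check: an inherited value must not count as a claim.
  const present = Object.prototype.hasOwnProperty.call(raw, 'externalUserId');
  const externalUserId = present ? raw.externalUserId : null;
  if (externalUserId !== null && typeof externalUserId !== 'string') {
    throw new TypeError('claim externalUserId must be a string or null');
  }
  return {
    version: '1',
    superTokensUserId: raw.superTokensUserId,
    externalUserId,
    email: raw.email,
  };
}

// Constructed sample token with a placeholder signature (not a real token).
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ typ: 'sample' })}.${enc(payload)}.constructed-signature`;
}

const base = { version: '1', superTokensUserId: 'user-1', email: 'a@example.com' };
const omitted = parseAccessTokenPayload(decodePayloadSegment(makeSampleToken(base)));
const kept = parseAccessTokenPayload(
  decodePayloadSegment(makeSampleToken({ ...base, externalUserId: null }))
);
console.log(omitted.externalUserId === kept.externalUserId);
```
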
