Which UI do you use?

Custom UI

Pre built UI

5. Session verification / Building your APIs

For this guide, we will assume that we want a new API Gateway endpoint /user GET invoked by the same lambda function and it returns the current session information.

1) Copy this snippet to your handler file

We use the verify session function to get the session information.

NodeJS

Important

For other backend frameworks, you can follow our guide on how to spin up a separate server configured with the SuperTokens backend SDK to authenticate requests and issue session tokens.

Python

An example of this is here.

auth.ts

import supertokens from "supertokens-node";
import { getBackendConfig } from "./config";
import { verifySession } from "supertokens-node/recipe/session/framework/awsLambda";
import { SessionEvent } from "supertokens-node/framework/awsLambda";
import middy from "@middy/core";
import cors from "@middy/http-cors";

supertokens.init(getBackendConfig());

const handler = async (event: SessionEvent) => {
    return {
        body: JSON.stringify({
            sessionHandle: event.session!.getHandle(),
            userId: event.session!.getUserId(),
            accessTokenPayload: event.session!.getAccessTokenPayload()
        })
    }
}

module.exports.handler = middy(verifySession(handler)).use(cors({
    origin: getBackendConfig().appInfo.websiteDomain,
    credentials: true,
    headers: ["Content-Type", ...supertokens.getAllCORSHeaders()].join(", "),
    methods: "OPTIONS,POST,GET,PUT,DELETE"
})).onError(request => {
    throw request.error;
});

Other Frameworks

auth.py

import nest_asyncio 
nest_asyncio.apply() 

from fastapi import FastAPI
from starlette.middleware.cors import CORSMiddleware
from mangum import Mangum

from supertokens_python import init, get_all_cors_headers
from supertokens_python.framework.fastapi import get_middleware

import config 

init(
    supertokens_config=config.supertokens_config, 
    app_info=config.app_info, 
    framework=config.framework, 
    recipe_list=config.recipe_list, 
    mode="asgi",
)

app = FastAPI(title="SuperTokens Example")

from fastapi import Depends
from supertokens_python.recipe.session.framework.fastapi import verify_session
from supertokens_python.recipe.session import SessionContainer

@app.get("/user")
def user(s: SessionContainer = Depends(verify_session())):
    return {
        "sessionHandle": s.get_handle(),
        "userId": s.get_user_id(),
        "accessTokenPayload": s.get_access_token_payload()
    }

app.add_middleware(get_middleware())

app = CORSMiddleware(
    app=app,
    allow_origins=[
        config.app_info.website_domain  
    ],
    allow_credentials=True,
    allow_methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
    allow_headers=["Content-Type"] + get_all_cors_headers(),
)

handler = Mangum(app)

2) Configure API Gateway

• In your API Gateway, create a base path /user and enable Enable API Gateway CORS.
• Create a GET method for the route and associate the lambda function we created in the above step.
• When associating the lambda function, enable Lambda Proxy integration.
• Enable CORS for the '/user' route with following values:
  • Add rid,fdi-version,anti-csrf,st-auth-mode to the existing Access-Control-Allow-Headers
  • Set Access-Control-Allow-Origin to '<YOUR_WEBSITE_DOMAIN>'
  • Set Access-Control-Allow-Credentials to 'true'. Don't miss out on those quotes else it won't get configured correctly.