5. Session verification / Building your APIs
For this guide, we will assume that we want a new API Gateway endpoint, GET /user, served by the same lambda function, that returns the current session's information.
1) Copy this snippet to your handler file
We use the verifySession function to get the session information.
Important (other frameworks)
For other backend frameworks, you can follow our guide on how to spin up a separate server configured with the SuperTokens backend SDK to authenticate requests and issue session tokens. An example of this is here.
auth.ts
```typescript
import supertokens from "supertokens-node";
import { getBackendConfig } from "./config";
import { verifySession } from "supertokens-node/recipe/session/framework/awsLambda";
import { SessionEvent } from "supertokens-node/framework/awsLambda";
import middy from "@middy/core";
import cors from "@middy/http-cors";

supertokens.init(getBackendConfig());

// verifySession has already validated the session before this handler runs,
// so event.session is populated here; a missing or invalid session never
// reaches this code (the wrapper returns the error response instead).
const handler = async (event: SessionEvent) => {
    return {
        body: JSON.stringify({
            sessionHandle: event.session!.getHandle(),
            userId: event.session!.getUserId(),
            accessTokenPayload: event.session!.getAccessTokenPayload()
        })
    }
}

// CORS: allow only the configured website domain (never "*" together with
// credentials), and the headers the SuperTokens frontend SDK sends.
module.exports.handler = middy(verifySession(handler)).use(cors({
    origin: getBackendConfig().appInfo.websiteDomain,
    credentials: true,
    headers: ["Content-Type", ...supertokens.getAllCORSHeaders()].join(", "),
    methods: "OPTIONS,POST,GET,PUT,DELETE"
})).onError(request => {
    throw request.error;
});
```
auth.py
```python
import nest_asyncio

# Mangum runs the ASGI app inside an already-running event loop in Lambda.
nest_asyncio.apply()

from fastapi import FastAPI, Depends
from starlette.middleware.cors import CORSMiddleware
from mangum import Mangum
from supertokens_python import init, get_all_cors_headers
from supertokens_python.framework.fastapi import get_middleware
from supertokens_python.recipe.session.framework.fastapi import verify_session
from supertokens_python.recipe.session import SessionContainer
import config

init(
    supertokens_config=config.supertokens_config,
    app_info=config.app_info,
    framework=config.framework,
    recipe_list=config.recipe_list,
    mode="asgi",
)

app = FastAPI(title="SuperTokens Example")


# verify_session() rejects requests without a valid session before the
# route body runs, so `s` is always a verified SessionContainer here.
@app.get("/user")
def user(s: SessionContainer = Depends(verify_session())):
    return {
        "sessionHandle": s.get_handle(),
        "userId": s.get_user_id(),
        "accessTokenPayload": s.get_access_token_payload()
    }


app.add_middleware(get_middleware())

# CORS: allow only the configured website domain (never "*" together with
# credentials), and the headers the SuperTokens frontend SDK sends.
app = CORSMiddleware(
    app=app,
    allow_origins=[
        config.app_info.website_domain
    ],
    allow_credentials=True,
    allow_methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
    allow_headers=["Content-Type"] + get_all_cors_headers(),
)

handler = Mangum(app)
```
2) Configure API Gateway
- In your API Gateway, create a base path /user and enable API Gateway CORS.
- Create a GET method for the route and associate the lambda function we created in the above step.
- When associating the lambda function, enable Lambda Proxy integration.
- Enable CORS for the /user route with the following values:
  - Add rid,fdi-version,anti-csrf,st-auth-mode to the existing Access-Control-Allow-Headers.
  - Set Access-Control-Allow-Origin to '<YOUR_WEBSITE_DOMAIN>'.
  - Set Access-Control-Allow-Credentials to 'true'. Don't miss out on those quotes, else it won't get configured correctly.
  - Add
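A misconfigured CORS setup on the gateway fails silently from the backend's point of view: the lambda never sees the browser's rejected preflight. The following is an added example (not SuperTokens or AWS code) of an offline check you can run over the headers of an OPTIONS response captured from the deployed /user route. It enforces what the steps above configure: the allowed origin must be exactly the website domain (a wildcard is both rejected by browsers when credentials are used and lets any site call the API), Access-Control-Allow-Credentials must be the bare value `true` (the quotes in the console mapping are API Gateway syntax and must not appear in the header the client receives; that interpretation is an assumption stated here), and the SuperTokens headers rid, fdi-version, anti-csrf and st-auth-mode must be allowed. The two header sets at the bottom are constructed samples, and `WEBSITE_DOMAIN` is a placeholder.

```python
"""Offline sanity check of API Gateway CORS headers for a SuperTokens route.

Added example, not part of the SuperTokens or AWS documentation. The header
dictionaries at the bottom are constructed samples, not captured traffic.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Headers the SuperTokens frontend SDK sends cross-origin (from the guide above).
SUPERTOKENS_CORS_HEADERS = ("rid", "fdi-version", "anti-csrf", "st-auth-mode")

# Placeholder: the value of appInfo.websiteDomain in your SuperTokens config.
WEBSITE_DOMAIN = "https://example.com"


@dataclass
class CorsCheck:
    ok: bool
    problems: List[str] = field(default_factory=list)


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def check_cors_headers(headers: Dict[str, str], website_domain: str) -> CorsCheck:
    """Validate a preflight response against the configuration the guide asks for."""
    problems: List[str] = []

    origin = _header(headers, "Access-Control-Allow-Origin")
    if origin is None:
        problems.append("Access-Control-Allow-Origin missing")
    elif origin == "*":
        # Browsers refuse a credentialed response with a wildcard origin, and a
        # wildcard would let any site call the API if credentials were accepted.
        problems.append("Access-Control-Allow-Origin is '*'; must be the exact website domain")
    elif origin != website_domain:
        problems.append(f"Access-Control-Allow-Origin is {origin!r}, expected {website_domain!r}")

    creds = _header(headers, "Access-Control-Allow-Credentials")
    if creds is None:
        problems.append("Access-Control-Allow-Credentials missing; session cookies will not be sent")
    elif creds.strip("'\"") != creds:
        # Assumption: the quotes belong only in the API Gateway console mapping,
        # so quotes reaching the client indicate a mis-entered mapping value.
        problems.append("Access-Control-Allow-Credentials carries literal quotes; header must be exactly true")
    elif creds != "true":
        problems.append(f"Access-Control-Allow-Credentials is {creds!r}, expected 'true'")

    allowed_raw = _header(headers, "Access-Control-Allow-Headers") or ""
    allowed = {h.strip().lower() for h in allowed_raw.split(",") if h.strip()}
    missing = [h for h in SUPERTOKENS_CORS_HEADERS if h not in allowed]
    if missing:
        problems.append("Access-Control-Allow-Headers is missing: " + ", ".join(missing))
    if "content-type" not in allowed:
        problems.append("Access-Control-Allow-Headers is missing: content-type")

    return CorsCheck(ok=not problems, problems=problems)


# Constructed sample: headers as they should look after following the guide.
GOOD_PREFLIGHT = {
    "access-control-allow-origin": WEBSITE_DOMAIN,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Headers": "Content-Type, rid, fdi-version, anti-csrf, st-auth-mode",
    "Access-Control-Allow-Methods": "OPTIONS,POST,GET,PUT,DELETE",
}

# Constructed sample: wildcard origin, quoted credentials value, SuperTokens headers omitted.
BAD_PREFLIGHT = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "'true'",
    "Access-Control-Allow-Headers": "Content-Type",
}

if __name__ == "__main__":
    for label, sample in (("good", GOOD_PREFLIGHT), ("bad", BAD_PREFLIGHT)):
        result = check_cors_headers(sample, WEBSITE_DOMAIN)
        print(label, "ok" if result.ok else "problems: " + "; ".join(result.problems))
```

To use it against a real deployment, issue an OPTIONS request to the /user route with an Origin header set to your website domain and feed the response headers to `check_cors_headers`; any reported problem means the browser will block the frontend SDK's requests regardless of how the lambda behaves.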