5. Session verification / Building your APIs

For this guide, we will assume that we want a new API Gateway endpoint, GET /user, handled by the same lambda function, which returns the current session information.

1) Copy this snippet to your handler file

We use the verifySession function to get the session information.

An example of this is here.

auth.ts

    import supertokens from "supertokens-node";
    import { getBackendConfig } from "./config";
    import { verifySession } from "supertokens-node/recipe/session/framework/awsLambda";
    import { SessionEvent } from "supertokens-node/framework/awsLambda";
    import middy from "@middy/core";
    import cors from "@middy/http-cors";

    supertokens.init(getBackendConfig());

    // Runs only after verifySession has validated the session and attached it to the event.
    const handler = async (event: SessionEvent) => {
        return {
            // Lambda Proxy integration requires a statusCode in the response.
            statusCode: 200,
            body: JSON.stringify({
                sessionHandle: event.session!.getHandle(),
                userId: event.session!.getUserId(),
                accessTokenPayload: event.session!.getAccessTokenPayload()
            })
        }
    }

    // Wrap the handler with session verification, then add CORS headers for the website domain.
    module.exports.handler = middy(verifySession(handler)).use(cors({
        origin: getBackendConfig().appInfo.websiteDomain,
        credentials: true,
        headers: ["Content-Type", ...supertokens.getAllCORSHeaders()].join(", "),
        methods: "OPTIONS,POST,GET,PUT,DELETE"
    })).onError(request => {
        throw request.error;
    });

2) Configure API Gateway

  • In your API Gateway, create a base path /user and turn on the Enable API Gateway CORS option.
  • Create a GET method for the route and associate the lambda function we created in the above step.
  • When associating the lambda function, enable Lambda Proxy integration.
  • Enable CORS for the '/user' route with the following values:
    • Add rid,fdi-version,anti-csrf,st-auth-mode to the existing Access-Control-Allow-Headers
    • Set Access-Control-Allow-Origin to '<YOUR_WEBSITE_DOMAIN>'
    • Set Access-Control-Allow-Credentials to 'true'. Include the quotes, otherwise the value won't be configured correctly.
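
One way to check the result of step 2 is to audit the headers returned by an OPTIONS request to /user. The following is an added example, not code from SuperTokens or this guide; `auditCors`, `HeaderMap` and the domain `https://app.example.com` are hypothetical, and the sample responses are constructed.

```typescript
// Added example, not SuperTokens code: audits a preflight response's CORS headers
// against the values listed in step 2. All names here are hypothetical.
type HeaderMap = { [name: string]: string };

// Headers the guide says to add to Access-Control-Allow-Headers.
const REQUIRED_ALLOW_HEADERS = ["rid", "fdi-version", "anti-csrf", "st-auth-mode"];

// HTTP header names are case-insensitive, so normalise them before lookup.
function lowerKeys(headers: HeaderMap): HeaderMap {
    const out: HeaderMap = {};
    for (const k of Object.keys(headers)) out[k.toLowerCase()] = headers[k].trim();
    return out;
}

// Returns a list of problems; an empty list means the headers match step 2.
function auditCors(responseHeaders: HeaderMap, websiteDomain: string): string[] {
    const h = lowerKeys(responseHeaders);
    const problems: string[] = [];
    const origin = h["access-control-allow-origin"];
    if (origin === undefined) {
        problems.push("Access-Control-Allow-Origin is missing");
    } else if (origin === "*") {
        // Browsers refuse a wildcard origin on requests that carry credentials.
        problems.push("Access-Control-Allow-Origin is '*' but credentials are required");
    } else if (origin !== websiteDomain) {
        problems.push(`Access-Control-Allow-Origin is ${origin}, expected ${websiteDomain}`);
    }
    // The value on the wire must be exactly the lowercase string true.
    if (h["access-control-allow-credentials"] !== "true") {
        problems.push("Access-Control-Allow-Credentials is not true");
    }
    const allowed = (h["access-control-allow-headers"] || "")
        .split(",").map(s => s.trim().toLowerCase());
    for (const required of REQUIRED_ALLOW_HEADERS) {
        if (allowed.indexOf(required) === -1) {
            problems.push(`Access-Control-Allow-Headers lacks ${required}`);
        }
    }
    return problems;
}

// Constructed sample preflight responses (not captured from a real deployment).
const SITE = "https://app.example.com";
const goodPreflight: HeaderMap = {
    "access-control-allow-origin": SITE,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Headers": "Content-Type,rid,fdi-version,anti-csrf,st-auth-mode",
};
const badPreflight: HeaderMap = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Headers": "Content-Type,rid,fdi-version",
};
console.log(auditCors(goodPreflight, SITE), auditCors(badPreflight, SITE));
```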