5. Session verification / Building your APIs
For this guide, we will assume that we want a new API Gateway endpoint, GET /user,
that is served by the same lambda function and returns the current session information.
1) Copy this snippet to your handler file
We use the verify session function to get the session information.
- NodeJS
- Python
An example of this is here.
auth.ts
import supertokens from "supertokens-node";import { getBackendConfig } from "./config";import { verifySession } from "supertokens-node/recipe/session/framework/awsLambda";import { SessionEvent } from "supertokens-node/framework/awsLambda";import middy from "@middy/core";import cors from "@middy/http-cors";
// Initialise the SuperTokens SDK when this module is loaded, using the backend
// configuration exported by ./config.
supertokens.init(getBackendConfig());
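/**
 * GET /user handler: returns the current session's handle, user id and
 * access token payload as a JSON body.
 *
 * The handler is exported wrapped in `verifySession(...)`, which is what
 * attaches `event.session`. Everything returned here is sent to the browser,
 * so only keep data in the access token payload that the client may read.
 *
 * @param event - Lambda event extended with the optional `session` object.
 * @returns A response object with an explicit `statusCode` and a JSON `body`.
 */
const handler = async (event: SessionEvent) => {
    const session = event.session;

    if (session === undefined) {
        // Fail closed instead of relying on `!`: if the handler is ever
        // exported without verifySession, or session verification is made
        // optional (sessionRequired: false), answer 401 rather than throwing
        // a TypeError that surfaces as a 500.
        return {
            statusCode: 401,
            body: JSON.stringify({ message: "unauthorised" }),
        };
    }

    return {
        // Lambda proxy integration expects a status code in the response object.
        statusCode: 200,
        body: JSON.stringify({
            sessionHandle: session.getHandle(),
            userId: session.getUserId(),
            accessTokenPayload: session.getAccessTokenPayload(),
        }),
    };
};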
// Session verification runs first: verifySession wraps the handler, and middy
// wraps the result so that middleware can be attached to it.
const sessionCheckedHandler = middy(verifySession(handler));

// Credentialed CORS must name one explicit origin, so the website domain from
// the backend config is used instead of a wildcard.
const allowedOrigin = getBackendConfig().appInfo.websiteDomain;

// "Content-Type" plus whatever request headers the SuperTokens SDK reports it needs.
const allowedHeaders = ["Content-Type", ...supertokens.getAllCORSHeaders()].join(", ");

module.exports.handler = sessionCheckedHandler
    .use(
        cors({
            origin: allowedOrigin,
            credentials: true,
            headers: allowedHeaders,
            methods: "OPTIONS,POST,GET,PUT,DELETE",
        })
    )
    .onError((request) => {
        // Re-throw so that an error raised further down is not silently swallowed here.
        throw request.error;
    });
auth.py
import nest_asyncio

# Applied before the remaining imports, as in the original snippet.
nest_asyncio.apply()

from fastapi import FastAPI
from starlette.middleware.cors import CORSMiddleware
from mangum import Mangum

from supertokens_python import init, get_all_cors_headers
from supertokens_python.framework.fastapi import get_middleware

import config
# Initialise the SuperTokens SDK with the values defined in the local config
# module; mode="asgi" is passed through unchanged from the original snippet.
init(
    supertokens_config=config.supertokens_config,
    app_info=config.app_info,
    framework=config.framework,
    recipe_list=config.recipe_list,
    mode="asgi",
)

# FastAPI application that the routes and middleware are attached to.
app = FastAPI(title="SuperTokens Example")
from fastapi import Depends
from supertokens_python.recipe.session.framework.fastapi import verify_session
from supertokens_python.recipe.session import SessionContainer


@app.get("/user")
def user(s: SessionContainer = Depends(verify_session())):
    """Return the current session's handle, user id and access token payload.

    The session object is supplied by the ``verify_session()`` dependency.
    Everything in the returned dict is sent to the client, so the access
    token payload should only hold data the client is allowed to read.
    """
    session_info = {
        "sessionHandle": s.get_handle(),
        "userId": s.get_user_id(),
        "accessTokenPayload": s.get_access_token_payload(),
    }
    return session_info
# Register the SuperTokens middleware on the FastAPI app.
app.add_middleware(get_middleware())

# Credentialed CORS is limited to the configured website domain; a wildcard
# origin would not be accepted by browsers together with credentials.
allowed_origins = [config.app_info.website_domain]

# "Content-Type" plus the request headers the SuperTokens SDK reports it needs.
allowed_headers = ["Content-Type"] + get_all_cors_headers()

# The CORS layer wraps the whole app (SuperTokens middleware included), so it
# is the outermost ASGI layer.
app = CORSMiddleware(
    app=app,
    allow_origins=allowed_origins,
    allow_credentials=True,
    allow_methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
    allow_headers=allowed_headers,
)

# Mangum adapts the ASGI app so it can be used as the Lambda handler.
handler = Mangum(app)
2) Configure API Gateway
- In your API Gateway, create a base path `/user` and enable the "Enable API Gateway CORS" option.
- Create a `GET` method for the route and associate the lambda function we created in the above step.
- When associating the lambda function, enable `Lambda Proxy integration`.
- Enable CORS for the `/user` route with the following values:
  - Add `rid,fdi-version,anti-csrf` to the existing `Access-Control-Allow-Headers`.
  - Set `Access-Control-Allow-Origin` to `'<YOUR_WEBSITE_DOMAIN>'`. Use the exact origin of your website rather than `*`, because browsers reject a wildcard origin on requests that carry credentials.
  - Set `Access-Control-Allow-Credentials` to `'true'`. Don't miss out on those quotes, else it won't get configured correctly.
- Add