important
This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
Deprecate JWT option once the access token is a proper JWT itself
Status
This is just a proposal so far, it hasn't been accepted and needs further discussion.
- Status:
- proposed
- Deciders:
- rishabhpoddar, porcellus
- Proposed by:
- porcellus
- Created:
- 2022-10-25
- Last updated:
- 2023-01-02
#
Context and Problem StatementWe want to make our access token into a valid JWT. So, in the future the jwt setting will be "replaced" with just setting the auth mode to header. We need to decide a deprecation/migration path.
#
Considered Options- Add deprecation warning if the jwt setting is turned on.
- Keep the jwt option.
#
Decision OutcomeOnce we make the entire access token into a JWT:
- Add deprecation warning with a migration link and set
exposeAccessTokenToFrontendInCookieBasedAuth
to true. See here - Add a function to the FE to access the entire access token as a string.
Until then: the auth mode and jwt options are entirely independent, the jwt can be accessed through the access token payload in both auth modes.