Customizing Error Handling

The SuperTokens session recipe can throw the following errors:

Unauthorised error

  • Thrown when a protected backend API is accessed without a session.
  • The default behaviour is to clear session cookies (if any) and send a 401 to the frontend.

    import SuperTokens from "supertokens-node";
    import Session from "supertokens-node/recipe/session";

    SuperTokens.init({
        supertokens: {
            connectionURI: "...",
        },
        appInfo: {
            apiDomain: "...",
            appName: "...",
            websiteDomain: "..."
        },
        recipeList: [
            Session.init({
                errorHandlers: {
                    onUnauthorised: async (message, request, response) => {
                        // TODO: Write your own logic and then send a 401 response to the frontend
                    },
                }
            })
        ]
    });

Invalid claim error

  • Thrown when a protected backend API is accessed with a session that doesn't pass the claim validators.
  • The default behaviour is to send a 403 to the frontend with the errors included in the body.

    import SuperTokens from "supertokens-node";
    import Session from "supertokens-node/recipe/session";

    SuperTokens.init({
        supertokens: {
            connectionURI: "...",
        },
        appInfo: {
            apiDomain: "...",
            appName: "...",
            websiteDomain: "..."
        },
        recipeList: [
            Session.init({
                errorHandlers: {
                    onInvalidClaim: async (message, request, response) => {
                        // TODO: Write your own logic and then send a 403 response to the frontend
                    },
                }
            })
        ]
    });

Token theft detected

    import SuperTokens from "supertokens-node";
    import Session from "supertokens-node/recipe/session";

    SuperTokens.init({
        supertokens: {
            connectionURI: "...",
        },
        appInfo: {
            apiDomain: "...",
            appName: "...",
            websiteDomain: "..."
        },
        recipeList: [
            Session.init({
                errorHandlers: {
                    onTokenTheftDetected: async (sessionHandle, userId, req, res) => {
                        // TODO: Write your own logic and then send a 401 response to the frontend
                    },
                }
            })
        ]
    });
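
One way to fill in the three TODOs above, as an added example that is not from the SuperTokens documentation: each handler records an audit event, keeps the status code this page names, and the token theft handler also revokes the affected session. Assumptions: the request and response objects expose `getMethod()`, `getOriginalURL()`, `setStatusCode()` and `sendJSONResponse()`; `makeErrorHandlers`, `audit`, `revokeSession`, `fakeExchange`, `demo` and the response body fields are names chosen for this example.

```javascript
// Added example. Assumed: request/response expose getMethod(), getOriginalURL(),
// setStatusCode(), sendJSONResponse(); audit and revokeSession are injected.
function makeErrorHandlers({ audit, revokeSession }) {
    const reply = (response, status, body) => {
        response.setStatusCode(status);
        response.sendJSONResponse(body);
    };
    const where = (request) => ({ method: request.getMethod(), url: request.getOriginalURL() });
    return {
        // 401 with a fixed body: the internal reason is logged, not returned.
        onUnauthorised: async (message, request, response) => {
            audit({ event: "session.unauthorised", reason: message, ...where(request) });
            reply(response, 401, { message: "unauthorised" });
        },
        // 403 with the validator errors in the body, as the default does.
        onInvalidClaim: async (message, request, response) => {
            audit({ event: "session.invalid_claim", errors: message, ...where(request) });
            reply(response, 403, { message: "invalid claim", errors: message });
        },
        // Record which session and user were hit, revoke the session, send 401.
        onTokenTheftDetected: async (sessionHandle, userId, req, res) => {
            audit({ event: "session.token_theft", sessionHandle, userId, ...where(req) });
            try { await revokeSession(sessionHandle); }
            catch (err) { audit({ event: "session.revoke_failed", sessionHandle, error: String(err) }); }
            reply(res, 401, { message: "token theft detected" });
        },
    };
}

// Constructed stand-ins so the handlers can be exercised without a server.
function fakeExchange(method, url) {
    const sent = { status: null, body: null };
    return {
        sent,
        request: { getMethod: () => method, getOriginalURL: () => url },
        response: {
            setStatusCode: (code) => { sent.status = code; },
            sendJSONResponse: (body) => { sent.body = body; },
        },
    };
}

async function demo() {
    const events = [], revoked = [];
    const audit = (e) => events.push(e);
    const handlers = makeErrorHandlers({ audit, revokeSession: async (h) => { revoked.push(h); } });
    const x = fakeExchange("GET", "/api/profile"); // constructed request
    await handlers.onTokenTheftDetected("handle-123", "user-1", x.request, x.response);
    return { sent: x.sent, events, revoked };
}
```

To use it, pass the returned object as `errorHandlers` in `Session.init`, with `revokeSession` wired to a function that revokes the session by handle (for example the SDK's `Session.revokeSession`) and `audit` to your logger.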