How to check is accessToken valid without automatically refreshing it? #29454
-
I am creating an applications that is made from 3 parts : Frontend, Backend and Supabase. Supabase is used for data storage and authentication. On backend, I have middleware that calls My question: How can I check is accessToken valid without Supabase refreshing it (as I want to do it in a separate call). |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
You could check the session for the expire time before you make the call and see if it is expired (not secure, but don't think that would matter for what you are doing). Then don't make getUser() call and do what you want to refresh if expired. Otherwise you can server side decode the jwt with any jwt library and the jwt secret. Very soon you can decode with asymmetric key. https://github.com/orgs/supabase/discussions/29289 |
Beta Was this translation helpful? Give feedback.
-
Thank you for your answer @GaryAustin1 . I will try something like that! |
Beta Was this translation helpful? Give feedback.
You could check the session for the expire time before you make the call and see if it is expired (not secure, but don't think that would matter for what you are doing). Then don't make getUser() call and do what you want to refresh if expired.
Otherwise you can server side decode the jwt with any jwt library and the jwt secret. Very soon you can decode with asymmetric key. https://github.com/orgs/supabase/discussions/29289