How to check is accessToken valid without automatically refreshing it?

[AljosaK]

I am creating an applications that is made from 3 parts : Frontend, Backend and Supabase. Supabase is used for data storage and authentication. On backend, I have middleware that calls supabase.auth.getUser(accessToken) to check is session still valid or not. This part is working correctly. Issue comes when accessToken expires. It returns 401 but also it seems like it refreshes token in the background. When I call supabase.auth.refreshSession({ refresh_token }) it says that refreshToken is already used and I can't retrieve new one without logging in again.

My question: How can I check is accessToken valid without Supabase refreshing it (as I want to do it in a separate call).

[GaryAustin1]

You could check the session for the expire time before you make the call and see if it is expired (not secure, but don't think that would matter for what you are doing). Then don't make getUser() call and do what you want to refresh if expired.

Otherwise you can server side decode the jwt with any jwt library and the jwt secret. Very soon you can decode with asymmetric key. https://github.com/orgs/supabase/discussions/29289

[AljosaK]

Thank you for your answer @GaryAustin1 . I will try something like that!