Merge pull request #273 from supertokens/jwt-rework/issuer-in-payload

nkshah2 · web-flow · commit 1662da6d4909 · 2023-05-04T11:18:01.000+05:30
feat: Add issuer to access token payload [JWT Rework #2]
diff --git a/examples/go.sum b/examples/go.sum
@@ -49,8 +49,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/ClickHouse/clickhouse-go v1.5.4/go.mod h1:EaI/sW7Azgz9UATzd5ZdZHRUhHgv5+JMS9NSr2smCJI=
 github.com/ClickHouse/clickhouse-go/v2 v2.2.0/go.mod h1:8f2XZUi7XoeU+uPIytSi1cvx8fmJxi7vIgqpvYTF1+o=
 github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
-github.com/MicahParks/keyfunc v1.0.0 h1:O9VAkG6q/LqX4eS+HuIsW9KfC/Luh2NBQr9v4NiwHU0=
-github.com/MicahParks/keyfunc v1.0.0/go.mod h1:R8RZa27qn+5cHTfYLJ9/+7aSb5JIdz7cl0XFo0o4muo=
+github.com/MicahParks/keyfunc v1.9.0 h1:lhKd5xrFHLNOWrDc4Tyb/Q1AJ4LCzQ48GVJyVIID3+o=
+github.com/MicahParks/keyfunc v1.9.0/go.mod h1:IdnCilugA0O/99dW+/MkvlyrsX8+L8+x95xuVNtM5jw=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
@@ -198,7 +198,6 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
 github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -214,6 +213,7 @@ github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -423,6 +423,7 @@ github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uY
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
+github.com/nyaruka/phonenumbers v1.0.73 h1:bP2WN8/NUP8tQebR+WCIejFaibwYMHOaB7MQVayclUo=
 github.com/nyaruka/phonenumbers v1.0.73/go.mod h1:3aiS+PS3DuYwkbK3xdcmRwMiPNECZ0oENH8qUT1lY7Q=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -542,6 +543,7 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tklauser/go-sysconf v0.3.10/go.mod h1:C8XykCvCb+Gn0oNCWPIlcb0RuglQTYaQ2hGm7jmxEFk=
 github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ=
+github.com/twilio/twilio-go v0.26.0 h1:wFW4oTe3/LKt6bvByP7eio8JsjtaLHjMQKOUEzQry7U=
 github.com/twilio/twilio-go v0.26.0/go.mod h1:lz62Hopu4vicpQ056H5TJ0JE4AP0rS3sQ35/ejmgOwE=
 github.com/twitchtv/twirp v8.1.0+incompatible h1:KGXanpa9LXdVE/V5P/tA27rkKFmXRGCtSNT7zdeeVOY=
 github.com/twitchtv/twirp v8.1.0+incompatible/go.mod h1:RRJoFSAmTEh2weEqWtpPE3vFK5YBhA6bqp2l1kfCC5A=
diff --git a/recipe/emailverification/api/emailverify.go b/recipe/emailverification/api/emailverify.go
@@ -39,7 +39,7 @@ func EmailVerify(apiImplementation evmodels.APIInterface, options evmodels.APIOp
 		userContext := supertokens.MakeDefaultUserContextFromAPI(options.Req)
 		sessionRequired := false
 		sessionContainer, err := session.GetSessionWithContext(
-			*options.Req, options.Res,
+			options.Req, options.Res,
 			&sessmodels.VerifySessionOptions{
 				SessionRequired: &sessionRequired,
 				OverrideGlobalClaimValidators: func(globalClaimValidators []claims.SessionClaimValidator, sessionContainer sessmodels.SessionContainer, userContext supertokens.UserContext) ([]claims.SessionClaimValidator, error) {
@@ -97,7 +97,7 @@ func EmailVerify(apiImplementation evmodels.APIInterface, options evmodels.APIOp
 
 		userContext := supertokens.MakeDefaultUserContextFromAPI(options.Req)
 		sessionContainer, err := session.GetSessionWithContext(
-			*options.Req,
+			options.Req,
 			options.Res,
 			&sessmodels.VerifySessionOptions{
 				OverrideGlobalClaimValidators: func(globalClaimValidators []claims.SessionClaimValidator, sessionContainer sessmodels.SessionContainer, userContext supertokens.UserContext) ([]claims.SessionClaimValidator, error) {
diff --git a/recipe/emailverification/api/generateEmailVerifyToken.go b/recipe/emailverification/api/generateEmailVerifyToken.go
@@ -33,7 +33,7 @@ func GenerateEmailVerifyToken(apiImplementation evmodels.APIInterface, options e
 	userContext := supertokens.MakeDefaultUserContextFromAPI(options.Req)
 
 	sessionContainer, err := session.GetSessionWithContext(
-		*options.Req, options.Res,
+		options.Req, options.Res,
 		&sessmodels.VerifySessionOptions{
 			OverrideGlobalClaimValidators: func(globalClaimValidators []claims.SessionClaimValidator, sessionContainer sessmodels.SessionContainer, userContext supertokens.UserContext) ([]claims.SessionClaimValidator, error) {
 				validators := []claims.SessionClaimValidator{}
diff --git a/recipe/jwt/createJWTFeature_test.go b/recipe/jwt/createJWTFeature_test.go
@@ -60,6 +60,6 @@ func TestSendingZeroValidityThrowsAnError(t *testing.T) {
 	}
 
 	vaildityPointer := uint64(0)
-	_, err = CreateJWT(map[string]interface{}{}, nil, &vaildityPointer)
+	_, err = CreateJWT(map[string]interface{}{}, &vaildityPointer, nil)
 	assert.Contains(t, err.Error(), "validity must be greater than or equal to 0")
 }
diff --git a/recipe/jwt/main.go b/recipe/jwt/main.go
@@ -40,7 +40,7 @@ func GetJWKSWithContext(userContext supertokens.UserContext) (jwtmodels.GetJWKSR
 	return (*instance.RecipeImpl.GetJWKS)(userContext)
 }
 
-func CreateJWT(payload map[string]interface{}, useStaticSigningKey *bool, validitySecondsPointer *uint64) (jwtmodels.CreateJWTResponse, error) {
+func CreateJWT(payload map[string]interface{}, validitySecondsPointer *uint64, useStaticSigningKey *bool) (jwtmodels.CreateJWTResponse, error) {
 	return CreateJWTWithContext(payload, validitySecondsPointer, useStaticSigningKey, &map[string]interface{}{})
 }
 
diff --git a/recipe/jwt/override_test.go b/recipe/jwt/override_test.go
@@ -106,7 +106,7 @@ func TestOverridingFunctions(t *testing.T) {
 		}
 		payload := result["payload"]
 		validity := uint64(1000)
-		resp, err := CreateJWT(payload.(map[string]interface{}), nil, &validity)
+		resp, err := CreateJWT(payload.(map[string]interface{}), &validity, nil)
 		if err != nil {
 			t.Error(err.Error())
 		}
diff --git a/recipe/session/apiImplementation.go b/recipe/session/apiImplementation.go
@@ -44,7 +44,7 @@ func MakeAPIImplementation() sessmodels.APIInterface {
 			session, err := RefreshSessionInRequest(options.Req, options.Res, options.Config, options.RecipeImplementation, userContext)
 			return session, err
 		} else {
-			sessionContainer, err := GetSessionFromRequest(*options.Req, options.Res, options.Config, &sessmodels.VerifySessionOptions{
+			sessionContainer, err := GetSessionFromRequest(options.Req, options.Res, options.Config, &sessmodels.VerifySessionOptions{
 				AntiCsrfCheck:                 verifySessionOptions.AntiCsrfCheck,
 				SessionRequired:               verifySessionOptions.SessionRequired,
 				CheckDatabase:                 verifySessionOptions.CheckDatabase,
diff --git a/recipe/session/main.go b/recipe/session/main.go
@@ -53,6 +53,11 @@ func CreateNewSessionWithContextWithoutRequestResponse(userID string, accessToke
 		finalAccessTokenPayload = map[string]interface{}{}
 	}
 
+	appInfo := instance.RecipeModule.GetAppInfo()
+	issuer := appInfo.APIDomain.GetAsStringDangerous() + appInfo.APIBasePath.GetAsStringDangerous()
+
+	finalAccessTokenPayload["iss"] = issuer
+
 	for _, claim := range claimsAddedByOtherRecipes {
 		finalAccessTokenPayload, err = claim.Build(userID, finalAccessTokenPayload, userContext)
 		if err != nil {
@@ -69,7 +74,7 @@ func CreateNewSessionWithContextWithoutRequestResponse(userID string, accessToke
 	return (*instance.RecipeImpl.CreateNewSession)(userID, accessTokenPayload, sessionDataInDatabase, &_disableAntiCSRF, userContext)
 }
 
-func GetSessionWithContext(req http.Request, res http.ResponseWriter, options *sessmodels.VerifySessionOptions, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {
+func GetSessionWithContext(req *http.Request, res http.ResponseWriter, options *sessmodels.VerifySessionOptions, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {
 	instance, err := getRecipeInstanceOrThrowError()
 	if err != nil {
 		return nil, err
@@ -100,7 +105,7 @@ func GetSessionWithContextWithoutRequestResponse(accessToken string, antiCSRFTok
 		if err != nil {
 			return nil, err
 		}
-		claimValidators, err := GetRequiredClaimValidators(*result, overrideGlobalClaimValidators, userContext)
+		claimValidators, err := GetRequiredClaimValidators(result, overrideGlobalClaimValidators, userContext)
 
 		if err != nil {
 			return nil, err
@@ -114,7 +119,7 @@ func GetSessionWithContextWithoutRequestResponse(accessToken string, antiCSRFTok
 
 	}
 
-	return *result, nil
+	return result, nil
 }
 
 func GetSessionInformationWithContext(sessionHandle string, userContext supertokens.UserContext) (*sessmodels.SessionInformation, error) {
@@ -372,7 +377,7 @@ func CreateNewSessionWithoutRequestResponse(userId string, accessTokenPayload ma
 	return CreateNewSessionWithContextWithoutRequestResponse(userId, accessTokenPayload, sessionDataInDatabase, disableAntiCSRF, nil)
 }
 
-func GetSession(req http.Request, res http.ResponseWriter, options *sessmodels.VerifySessionOptions) (sessmodels.SessionContainer, error) {
+func GetSession(req *http.Request, res http.ResponseWriter, options *sessmodels.VerifySessionOptions) (sessmodels.SessionContainer, error) {
 	return GetSessionWithContext(req, res, options, &map[string]interface{}{})
 }
 
@@ -412,7 +417,7 @@ func UpdateSessionDataInDatabase(sessionHandle string, newSessionData map[string
 	return UpdateSessionDataInDatabaseWithContext(sessionHandle, newSessionData, &map[string]interface{}{})
 }
 
-func CreateJWT(payload map[string]interface{}, useStaticSigningKey *bool, validitySecondsPointer *uint64) (jwtmodels.CreateJWTResponse, error) {
+func CreateJWT(payload map[string]interface{}, validitySecondsPointer *uint64, useStaticSigningKey *bool) (jwtmodels.CreateJWTResponse, error) {
 	return CreateJWTWithContext(payload, validitySecondsPointer, useStaticSigningKey, &map[string]interface{}{})
 }
 
diff --git a/recipe/session/middleware_test.go b/recipe/session/middleware_test.go
@@ -152,7 +152,7 @@ func TestSessionVerifyMiddleware(t *testing.T) {
 		SessionRequired: &customSessionRequiredValue,
 		AntiCsrfCheck:   &customValForAntiCsrfCheck,
 	}, func(rw http.ResponseWriter, r *http.Request) {
-		GetSession(*r, rw, &sessmodels.VerifySessionOptions{
+		GetSession(r, rw, &sessmodels.VerifySessionOptions{
 			SessionRequired: &customSessionRequiredValue,
 			AntiCsrfCheck:   &customValForAntiCsrfCheck,
 		})
@@ -442,7 +442,7 @@ func TestSessionVerifyMiddlewareWithAutoRefresh(t *testing.T) {
 		SessionRequired: &customSessionRequiredValue,
 		AntiCsrfCheck:   &customValForAntiCsrfCheck,
 	}, func(rw http.ResponseWriter, r *http.Request) {
-		GetSession(*r, rw, &sessmodels.VerifySessionOptions{
+		GetSession(r, rw, &sessmodels.VerifySessionOptions{
 			SessionRequired: &customSessionRequiredValue,
 			AntiCsrfCheck:   &customValForAntiCsrfCheck,
 		})
@@ -722,7 +722,7 @@ func TestSessionVerifyMiddlewareWithDriverConfig(t *testing.T) {
 		SessionRequired: &customSessionRequiredValue,
 		AntiCsrfCheck:   &customValForAntiCsrfCheck,
 	}, func(rw http.ResponseWriter, r *http.Request) {
-		GetSession(*r, rw, &sessmodels.VerifySessionOptions{
+		GetSession(r, rw, &sessmodels.VerifySessionOptions{
 			SessionRequired: &customSessionRequiredValue,
 			AntiCsrfCheck:   &customValForAntiCsrfCheck,
 		})
@@ -1015,7 +1015,7 @@ func TestSessionVerifyMiddlewareWithDriverConfigWithAutoRefresh(t *testing.T) {
 		SessionRequired: &customSessionRequiredValue,
 		AntiCsrfCheck:   &customValForAntiCsrfCheck,
 	}, func(rw http.ResponseWriter, r *http.Request) {
-		GetSession(*r, rw, &sessmodels.VerifySessionOptions{
+		GetSession(r, rw, &sessmodels.VerifySessionOptions{
 			SessionRequired: &customSessionRequiredValue,
 			AntiCsrfCheck:   &customValForAntiCsrfCheck,
 		})
diff --git a/recipe/session/recipeImplementation.go b/recipe/session/recipeImplementation.go
@@ -69,7 +69,7 @@ func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.Typ
 
 	// In all cases if sIdRefreshToken token exists (so it's a legacy session) we return TRY_REFRESH_TOKEN. The refresh endpoint will clear this cookie and try to upgrade the session.
 	// Check https://supertokens.com/docs/contribute/decisions/session/0007 for further details and a table of expected behaviours
-	getSession := func(accessTokenString string, antiCsrfToken *string, options *sessmodels.VerifySessionOptions, userContext supertokens.UserContext) (*sessmodels.SessionContainer, error) {
+	getSession := func(accessTokenString string, antiCsrfToken *string, options *sessmodels.VerifySessionOptions, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {
 		if options != nil && *options.AntiCsrfCheck != false && config.AntiCsrf != AntiCSRF_VIA_CUSTOM_HEADER {
 			return nil, defaultErrors.New("Since the anti-csrf mode is VIA_CUSTOM_HEADER getSession can't check the CSRF token. Please either use VIA_TOKEN or set antiCsrfCheck to false")
 		}
@@ -149,7 +149,7 @@ func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.Typ
 		sessionContainerInput := makeSessionContainerInput(accessTokenStringForSession, session.Handle, session.UserID, payload, result, frontToken, antiCsrfToken, nil, nil, !accessTokenNil)
 		sessionContainer := newSessionContainer(config, &sessionContainerInput)
 
-		return &sessionContainer, nil
+		return sessionContainer, nil
 	}
 
 	getSessionInformation := func(sessionHandle string, userContext supertokens.UserContext) (*sessmodels.SessionInformation, error) {
diff --git a/recipe/session/session.go b/recipe/session/session.go
@@ -328,7 +328,7 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session
 			RefreshToken:                  refreshToken,
 			AntiCsrfToken:                 session.antiCSRFToken,
 			FrontToken:                    session.frontToken,
-			AccessAndFrontendTokenUpdates: session.accessTokenUpdated,
+			AccessAndFrontendTokenUpdated: session.accessTokenUpdated,
 		}
 	}
 
diff --git a/recipe/session/sessionRequestFunctions.go b/recipe/session/sessionRequestFunctions.go
@@ -18,10 +18,11 @@ package session
 import (
 	defaultErrors "errors"
 	"fmt"
-	"github.com/supertokens/supertokens-golang/recipe/session/claims"
 	"net/http"
 	"strconv"
 
+	"github.com/supertokens/supertokens-golang/recipe/session/claims"
+
 	"github.com/supertokens/supertokens-golang/recipe/session/errors"
 	"github.com/supertokens/supertokens-golang/recipe/session/sessmodels"
 	"github.com/supertokens/supertokens-golang/supertokens"
@@ -39,6 +40,9 @@ func CreateNewSessionInRequest(req *http.Request, res http.ResponseWriter, confi
 		finalAccessTokenPayload = map[string]interface{}{}
 	}
 
+	issuer := appInfo.APIDomain.GetAsStringDangerous() + appInfo.APIBasePath.GetAsStringDangerous()
+	finalAccessTokenPayload["iss"] = issuer
+
 	for _, claim := range claimsAddedByOtherRecipes {
 		_finalAccessTokenPayload, err := claim.Build(userID, finalAccessTokenPayload, userContext)
 		if err != nil {
@@ -102,16 +106,16 @@ func CreateNewSessionInRequest(req *http.Request, res http.ResponseWriter, confi
 
 	sessionResponse.AttachToRequestResponse(sessmodels.RequestResponseInfo{
 		Res:                 res,
-		Req:                 *req,
+		Req:                 req,
 		TokenTransferMethod: outputTokenTransferMethod,
 	})
 	supertokens.LogDebugMessage("createNewSession: Attached new tokens to res")
 
 	return sessionResponse, nil
 }
 
-func GetSessionFromRequest(req http.Request, res http.ResponseWriter, config sessmodels.TypeNormalisedInput, options *sessmodels.VerifySessionOptions, recipeImpl sessmodels.RecipeInterface, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {
-	idRefreshToken := GetCookieValue(&req, legacyIdRefreshTokenCookieName)
+func GetSessionFromRequest(req *http.Request, res http.ResponseWriter, config sessmodels.TypeNormalisedInput, options *sessmodels.VerifySessionOptions, recipeImpl sessmodels.RecipeInterface, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {
+	idRefreshToken := GetCookieValue(req, legacyIdRefreshTokenCookieName)
 	if idRefreshToken != nil {
 		return nil, errors.TryRefreshTokenError{
 			Msg: "using legacy session, please call the refresh API",
@@ -125,7 +129,7 @@ func GetSessionFromRequest(req http.Request, res http.ResponseWriter, config ses
 
 	// We check all token transfer methods for available access tokens
 	for _, tokenTransferMethod := range AvailableTokenTransferMethods {
-		token, err := GetToken(&req, sessmodels.AccessToken, tokenTransferMethod)
+		token, err := GetToken(req, sessmodels.AccessToken, tokenTransferMethod)
 		if err != nil {
 			return nil, err
 		}
@@ -145,7 +149,7 @@ func GetSessionFromRequest(req http.Request, res http.ResponseWriter, config ses
 		}
 	}
 
-	allowedTokenTransferMethod := config.GetTokenTransferMethod(&req, false, userContext)
+	allowedTokenTransferMethod := config.GetTokenTransferMethod(req, false, userContext)
 
 	var requestTokenTransferMethod sessmodels.TokenTransferMethod
 	var accessToken *sessmodels.ParsedJWTInfo
@@ -174,7 +178,7 @@ func GetSessionFromRequest(req http.Request, res http.ResponseWriter, config ses
 		}
 	}
 
-	antiCsrfToken := GetAntiCsrfTokenFromHeaders(&req)
+	antiCsrfToken := GetAntiCsrfTokenFromHeaders(req)
 	var doAntiCsrfCheck *bool
 
 	if options != nil {
@@ -209,7 +213,7 @@ func GetSessionFromRequest(req http.Request, res http.ResponseWriter, config ses
 		if err != nil {
 			return nil, err
 		}
-		claimValidators, err := GetRequiredClaimValidators(*sessionResult, overrideGlobalClaimValidators, userContext)
+		claimValidators, err := GetRequiredClaimValidators(sessionResult, overrideGlobalClaimValidators, userContext)
 
 		if err != nil {
 			return nil, err
@@ -231,7 +235,7 @@ func GetSessionFromRequest(req http.Request, res http.ResponseWriter, config ses
 		}
 	}
 
-	return *sessionResult, nil
+	return sessionResult, nil
 }
 
 func RefreshSessionInRequest(req *http.Request, res http.ResponseWriter, config sessmodels.TypeNormalisedInput, recipeImpl sessmodels.RecipeInterface, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {
@@ -324,7 +328,7 @@ func RefreshSessionInRequest(req *http.Request, res http.ResponseWriter, config
 
 	(*result).AttachToRequestResponse(sessmodels.RequestResponseInfo{
 		Res:                 res,
-		Req:                 *req,
+		Req:                 req,
 		TokenTransferMethod: requestTokenTransferMethod,
 	})
 
diff --git a/recipe/session/session_test.go b/recipe/session/session_test.go
diff --git a/recipe/session/sessmodels/models.go b/recipe/session/sessmodels/models.go
diff --git a/recipe/session/sessmodels/recipeInterface.go b/recipe/session/sessmodels/recipeInterface.go
diff --git a/recipe/session/signout.go b/recipe/session/signout.go
diff --git a/recipe/session/utils.go b/recipe/session/utils.go
diff --git a/recipe/session/verifySession_test.go b/recipe/session/verifySession_test.go

Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,6 @@ func TestSendingZeroValidityThrowsAnError(t *testing.T) {`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`vaildityPointer := uint64(0)`
`63`		`- _, err = CreateJWT(map[string]interface{}{}, nil, &vaildityPointer)`
	`63`	`+ _, err = CreateJWT(map[string]interface{}{}, &vaildityPointer, nil)`
`64`	`64`	`assert.Contains(t, err.Error(), "validity must be greater than or equal to 0")`
`65`	`65`	`}`
Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ func GetJWKSWithContext(userContext supertokens.UserContext) (jwtmodels.GetJWKSR`
`40`	`40`	`return (*instance.RecipeImpl.GetJWKS)(userContext)`
`41`	`41`	`}`
`42`	`42`
`43`		`-func CreateJWT(payload map[string]interface{}, useStaticSigningKey bool, validitySecondsPointer uint64) (jwtmodels.CreateJWTResponse, error) {`
	`43`	`+func CreateJWT(payload map[string]interface{}, validitySecondsPointer uint64, useStaticSigningKey bool) (jwtmodels.CreateJWTResponse, error) {`
`44`	`44`	`return CreateJWTWithContext(payload, validitySecondsPointer, useStaticSigningKey, &map[string]interface{}{})`
`45`	`45`	`}`
`46`	`46`
Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ func TestOverridingFunctions(t *testing.T) {`
`106`	`106`	`}`
`107`	`107`	`payload := result["payload"]`
`108`	`108`	`validity := uint64(1000)`
`109`		`- resp, err := CreateJWT(payload.(map[string]interface{}), nil, &validity)`
	`109`	`+ resp, err := CreateJWT(payload.(map[string]interface{}), &validity, nil)`
`110`	`110`	`if err != nil {`
`111`	`111`	`t.Error(err.Error())`
`112`	`112`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,11 @@ func CreateNewSessionWithContextWithoutRequestResponse(userID string, accessToke`
`53`	`53`	`finalAccessTokenPayload = map[string]interface{}{}`
`54`	`54`	`}`
`55`	`55`
	`56`	`+ appInfo := instance.RecipeModule.GetAppInfo()`
	`57`	`+ issuer := appInfo.APIDomain.GetAsStringDangerous() + appInfo.APIBasePath.GetAsStringDangerous()`
	`58`	`+`
	`59`	`+ finalAccessTokenPayload["iss"] = issuer`
	`60`	`+`
`56`	`61`	`for _, claim := range claimsAddedByOtherRecipes {`
`57`	`62`	`finalAccessTokenPayload, err = claim.Build(userID, finalAccessTokenPayload, userContext)`
`58`	`63`	`if err != nil {`
`@@ -69,7 +74,7 @@ func CreateNewSessionWithContextWithoutRequestResponse(userID string, accessToke`
`69`	`74`	`return (*instance.RecipeImpl.CreateNewSession)(userID, accessTokenPayload, sessionDataInDatabase, &_disableAntiCSRF, userContext)`
`70`	`75`	`}`
`71`	`76`
`72`		`-func GetSessionWithContext(req http.Request, res http.ResponseWriter, options *sessmodels.VerifySessionOptions, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {`
	`77`	`+func GetSessionWithContext(req http.Request, res http.ResponseWriter, options sessmodels.VerifySessionOptions, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {`
`73`	`78`	`instance, err := getRecipeInstanceOrThrowError()`
`74`	`79`	`if err != nil {`
`75`	`80`	`return nil, err`
`@@ -100,7 +105,7 @@ func GetSessionWithContextWithoutRequestResponse(accessToken string, antiCSRFTok`
`100`	`105`	`if err != nil {`
`101`	`106`	`return nil, err`
`102`	`107`	`}`
`103`		`- claimValidators, err := GetRequiredClaimValidators(*result, overrideGlobalClaimValidators, userContext)`
	`108`	`+ claimValidators, err := GetRequiredClaimValidators(result, overrideGlobalClaimValidators, userContext)`
`104`	`109`
`105`	`110`	`if err != nil {`
`106`	`111`	`return nil, err`
`@@ -114,7 +119,7 @@ func GetSessionWithContextWithoutRequestResponse(accessToken string, antiCSRFTok`
`114`	`119`
`115`	`120`	`}`
`116`	`121`
`117`		`- return *result, nil`
	`122`	`+ return result, nil`
`118`	`123`	`}`
`119`	`124`
`120`	`125`	`func GetSessionInformationWithContext(sessionHandle string, userContext supertokens.UserContext) (*sessmodels.SessionInformation, error) {`
`@@ -372,7 +377,7 @@ func CreateNewSessionWithoutRequestResponse(userId string, accessTokenPayload ma`
`372`	`377`	`return CreateNewSessionWithContextWithoutRequestResponse(userId, accessTokenPayload, sessionDataInDatabase, disableAntiCSRF, nil)`
`373`	`378`	`}`
`374`	`379`
`375`		`-func GetSession(req http.Request, res http.ResponseWriter, options *sessmodels.VerifySessionOptions) (sessmodels.SessionContainer, error) {`
	`380`	`+func GetSession(req http.Request, res http.ResponseWriter, options sessmodels.VerifySessionOptions) (sessmodels.SessionContainer, error) {`
`376`	`381`	`return GetSessionWithContext(req, res, options, &map[string]interface{}{})`
`377`	`382`	`}`
`378`	`383`
`@@ -412,7 +417,7 @@ func UpdateSessionDataInDatabase(sessionHandle string, newSessionData map[string`
`412`	`417`	`return UpdateSessionDataInDatabaseWithContext(sessionHandle, newSessionData, &map[string]interface{}{})`
`413`	`418`	`}`
`414`	`419`
`415`		`-func CreateJWT(payload map[string]interface{}, useStaticSigningKey bool, validitySecondsPointer uint64) (jwtmodels.CreateJWTResponse, error) {`
	`420`	`+func CreateJWT(payload map[string]interface{}, validitySecondsPointer uint64, useStaticSigningKey bool) (jwtmodels.CreateJWTResponse, error) {`
`416`	`421`	`return CreateJWTWithContext(payload, validitySecondsPointer, useStaticSigningKey, &map[string]interface{}{})`
`417`	`422`	`}`
`418`	`423`
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.Typ`
`69`	`69`
`70`	`70`	`// In all cases if sIdRefreshToken token exists (so it's a legacy session) we return TRY_REFRESH_TOKEN. The refresh endpoint will clear this cookie and try to upgrade the session.`
`71`	`71`	`// Check https://supertokens.com/docs/contribute/decisions/session/0007 for further details and a table of expected behaviours`
`72`		`- getSession := func(accessTokenString string, antiCsrfToken string, options sessmodels.VerifySessionOptions, userContext supertokens.UserContext) (*sessmodels.SessionContainer, error) {`
	`72`	`+ getSession := func(accessTokenString string, antiCsrfToken string, options sessmodels.VerifySessionOptions, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {`
`73`	`73`	`if options != nil && *options.AntiCsrfCheck != false && config.AntiCsrf != AntiCSRF_VIA_CUSTOM_HEADER {`
`74`	`74`	`return nil, defaultErrors.New("Since the anti-csrf mode is VIA_CUSTOM_HEADER getSession can't check the CSRF token. Please either use VIA_TOKEN or set antiCsrfCheck to false")`
`75`	`75`	`}`
`@@ -149,7 +149,7 @@ func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.Typ`
`149`	`149`	`sessionContainerInput := makeSessionContainerInput(accessTokenStringForSession, session.Handle, session.UserID, payload, result, frontToken, antiCsrfToken, nil, nil, !accessTokenNil)`
`150`	`150`	`sessionContainer := newSessionContainer(config, &sessionContainerInput)`
`151`	`151`
`152`		`- return &sessionContainer, nil`
	`152`	`+ return sessionContainer, nil`
`153`	`153`	`}`
`154`	`154`
`155`	`155`	`getSessionInformation := func(sessionHandle string, userContext supertokens.UserContext) (*sessmodels.SessionInformation, error) {`