From 186f52f0b013a5c28c5fa2dfb4b6b74d893300f9 Mon Sep 17 00:00:00 2001 From: rishabhpoddar Date: Thu, 26 Oct 2023 13:30:47 +0530 Subject: [PATCH] removes unnecessary token theft detection check --- .../get-session.mdx | 22 ------------------- .../get-session.mdx | 22 ------------------- .../get-session.mdx | 22 ------------------- .../get-session.mdx | 22 ------------------- .../get-session.mdx | 22 ------------------- .../get-session.mdx | 22 ------------------- 6 files changed, 132 deletions(-) diff --git a/v2/emailpassword/common-customizations/sessions/session-verification-in-api/get-session.mdx b/v2/emailpassword/common-customizations/sessions/session-verification-in-api/get-session.mdx index b2b17c09e..ff54043b0 100644 --- a/v2/emailpassword/common-customizations/sessions/session-verification-in-api/get-session.mdx +++ b/v2/emailpassword/common-customizations/sessions/session-verification-in-api/get-session.mdx @@ -1031,9 +1031,6 @@ function verifySession(options?: VerifySessionOptions) { // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1085,9 +1082,6 @@ func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.H // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1126,7 +1120,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1173,10 +1166,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there @@ -1235,9 +1224,6 @@ async function verifySession(accessToken: string, antiCsrfToken?: string, option // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1289,9 +1275,6 @@ func VerifySession(accessToken string, antiCsrfToken *string, options *sessmodel // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1330,7 +1313,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1373,10 +1355,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there diff --git a/v2/passwordless/common-customizations/sessions/session-verification-in-api/get-session.mdx b/v2/passwordless/common-customizations/sessions/session-verification-in-api/get-session.mdx index b2b17c09e..ff54043b0 100644 --- a/v2/passwordless/common-customizations/sessions/session-verification-in-api/get-session.mdx +++ b/v2/passwordless/common-customizations/sessions/session-verification-in-api/get-session.mdx @@ -1031,9 +1031,6 @@ function verifySession(options?: VerifySessionOptions) { // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1085,9 +1082,6 @@ func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.H // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1126,7 +1120,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1173,10 +1166,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there @@ -1235,9 +1224,6 @@ async function verifySession(accessToken: string, antiCsrfToken?: string, option // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1289,9 +1275,6 @@ func VerifySession(accessToken string, antiCsrfToken *string, options *sessmodel // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1330,7 +1313,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1373,10 +1355,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there diff --git a/v2/session/common-customizations/sessions/session-verification-in-api/get-session.mdx b/v2/session/common-customizations/sessions/session-verification-in-api/get-session.mdx index 20f214f9a..45b6b59fc 100644 --- a/v2/session/common-customizations/sessions/session-verification-in-api/get-session.mdx +++ b/v2/session/common-customizations/sessions/session-verification-in-api/get-session.mdx @@ -1031,9 +1031,6 @@ function verifySession(options?: VerifySessionOptions) { // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1085,9 +1082,6 @@ func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.H // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1126,7 +1120,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1173,10 +1166,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there @@ -1235,9 +1224,6 @@ async function verifySession(accessToken: string, antiCsrfToken?: string, option // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1289,9 +1275,6 @@ func VerifySession(accessToken string, antiCsrfToken *string, options *sessmodel // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1330,7 +1313,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1373,10 +1355,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there diff --git a/v2/thirdparty/common-customizations/sessions/session-verification-in-api/get-session.mdx b/v2/thirdparty/common-customizations/sessions/session-verification-in-api/get-session.mdx index b2b17c09e..ff54043b0 100644 --- a/v2/thirdparty/common-customizations/sessions/session-verification-in-api/get-session.mdx +++ b/v2/thirdparty/common-customizations/sessions/session-verification-in-api/get-session.mdx @@ -1031,9 +1031,6 @@ function verifySession(options?: VerifySessionOptions) { // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1085,9 +1082,6 @@ func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.H // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1126,7 +1120,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1173,10 +1166,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there @@ -1235,9 +1224,6 @@ async function verifySession(accessToken: string, antiCsrfToken?: string, option // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1289,9 +1275,6 @@ func VerifySession(accessToken string, antiCsrfToken *string, options *sessmodel // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1330,7 +1313,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1373,10 +1355,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there diff --git a/v2/thirdpartyemailpassword/common-customizations/sessions/session-verification-in-api/get-session.mdx b/v2/thirdpartyemailpassword/common-customizations/sessions/session-verification-in-api/get-session.mdx index b2b17c09e..ff54043b0 100644 --- a/v2/thirdpartyemailpassword/common-customizations/sessions/session-verification-in-api/get-session.mdx +++ b/v2/thirdpartyemailpassword/common-customizations/sessions/session-verification-in-api/get-session.mdx @@ -1031,9 +1031,6 @@ function verifySession(options?: VerifySessionOptions) { // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1085,9 +1082,6 @@ func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.H // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1126,7 +1120,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1173,10 +1166,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there @@ -1235,9 +1224,6 @@ async function verifySession(accessToken: string, antiCsrfToken?: string, option // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1289,9 +1275,6 @@ func VerifySession(accessToken string, antiCsrfToken *string, options *sessmodel // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1330,7 +1313,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1373,10 +1355,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there diff --git a/v2/thirdpartypasswordless/common-customizations/sessions/session-verification-in-api/get-session.mdx b/v2/thirdpartypasswordless/common-customizations/sessions/session-verification-in-api/get-session.mdx index b2b17c09e..ff54043b0 100644 --- a/v2/thirdpartypasswordless/common-customizations/sessions/session-verification-in-api/get-session.mdx +++ b/v2/thirdpartypasswordless/common-customizations/sessions/session-verification-in-api/get-session.mdx @@ -1031,9 +1031,6 @@ function verifySession(options?: VerifySessionOptions) { // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1085,9 +1082,6 @@ func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.H // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1126,7 +1120,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1173,10 +1166,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there @@ -1235,9 +1224,6 @@ async function verifySession(accessToken: string, antiCsrfToken?: string, option // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if (err.type === Session.Error.INVALID_CLAIMS) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1289,9 +1275,6 @@ func VerifySession(accessToken string, antiCsrfToken *string, options *sessmodel // You can handle this in a custom way by sending a 401. // Or you can call the errorHandler middleware as shown below - } else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) { - // Session hijacking attempted. You should revoke the session - // using Session.revokeSession fucntion and send a 401 } else if defaultErrors.As(err, &errors.InvalidClaimError{}) { // The user is missing some required claim. // You can pass the missing claims to the frontend and handle it there @@ -1330,7 +1313,6 @@ from supertokens_python.recipe.session import SessionContainer from supertokens_python.recipe.session.interfaces import SessionClaimValidator from supertokens_python.types import MaybeAwaitable from supertokens_python.recipe.session.exceptions import ( - TokenTheftError, UnauthorisedError, InvalidClaimsError, TryRefreshTokenError @@ -1373,10 +1355,6 @@ def verify_session( # You can handle this in a custom way by sending a 401. # Or you can call the errorHandler middleware as shown below pass - if isinstance(e, TokenTheftError): - # Session hijacking attempted. You should revoke the session - # using Session.revokeSession fucntion and send a 401 - pass if isinstance(e, InvalidClaimsError): # The user is missing some required claim. # You can pass the missing claims to the frontend and handle it there