# Backend response handling - SDKs

Secuuth provides the below response payload after successful authentication. Your frontend is responsible to send this payload to backend.

```
{
  "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIi...",
  "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJi...",
  "refreshToken": "ad40e2af38f35937bc702cd8bd9c5c3d0af1aad460df..."
}
```

Typical backend flow is below

1. Validate Access and Id tokens in the middleware
   * Redirect to login flow if tokens are invalid
   * Continue the flow if tokens are valid
2. Decode Access token to extract user information and check if exists in database
   * Create user if does not exist
   * Continue the flow if user exists
3. Set session token in the cookie, Secuuth's access token can be used as session token

## Example

### Node.js

Install SecQure Node Package

<mark style="color:purple;">`npm i secuuth-jwt-js-sdk`</mark>

### Python

<mark style="color:purple;">`pip install secuuthTokenPythonSdk`</mark>

### PHP

Install the SecQure latest package using composer&#x20;

<mark style="color:purple;">`composer require secqure/validatetoken v1.0.2`</mark>

Or integrate the SecQure PHP Library directly from [github](https://github.com/secqure/secqure-php-sdk)

{% tabs %}
{% tab title="Node.js" %}

```
const express = require("express");
const app = express();
var cors = require("cors");
var bodyParser = require("body-parser");
Var secuuthJWT = require("secuuth-jwt-js-sdk");

app.use(cors());
app.use(bodyParser.json());

app.post("/signin", async (req, res) => {
  // Validate access token
  const accessToken = req.body.accessToken;
  var validity = false;
  try {
    validity = await secuuthJWT.SecuuthValidateJWT(accessToken);
  } catch (e) {
    validity = false;
  }
  if (!validity) {
    res.status(401).end("Invalid access token");
    return;
  }

  // Decode access token
  let decoded = new secuuthJWT.SecuuthAccessToken(accessToken);
  // Add logic to Register user and set session tokenJ  
    res.status(200).json(decoded.payload).end();
});

app.listen(port, () =>
  console.log('Example app listening at http://localhost:3000')
);
```

{% endtab %}

{% tab title="Python" %}

```
import json
from flask.app import Flask
from flask import request
from pySdk.idToken import idToken
from pySdk.accessToken import accessToken
from flask_cors import CORS
app = Flask(__name__)
CORS(app)

@app.route('/',methods=['POST'])
def App():
    
    token = request.data
    objs=json.loads(token)
    x=objs['accessToken']
    print(accessToken(x).getUserId());
    print(accessToken(x).decodePayload())
    return accessToken(x).decodePayload();
```

{% endtab %}

{% tab title="PHP" %}

```
<?php 
    require_once("../vendor/autoload.php"); 
    //retrieve the access_token from cookie or body
    
    $token = 'eyJhbGciOiJSUzI1NiIsInR5c.......'
    $myAuth = new ValidateToken();
    $myToken = $myAuth->decodeToken($token);
    
    // add your custom logic 
    //get the user's login Id
    
    echo $myToken->userId; 
?>
```

{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.secuuth.io/backend-response-handling-sdks.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.