Despite explicitly entering

http://localhost:8080

as the allowed origin when enabling CORS for my API Gateway (for both

/user

and

/auth

resources), I still get what appears to be a CORS error. The first,

OPTIONS

request returns code 403 Forbidden, saying,

CORS Missing Allow Origin

. The second,

POST

request says,

NS_ERROR_DOM_BAD_URI

. On the other hand, when testing the API from the online tool, https://hoppscotch.io — which, from what I understand, sends the request from its own domain — it's received perfectly fine. What's up with that?

Hi, I'm facing the following issue - (Front-end - Network inspector) - 500 status code - Response : {"error": "User authentication", "message": "Session is not defined"} Stack : - Front : React - Back : Nodejs - Receipe : Session, Self-hosted - mongodb - The above artefacts "dockerized" which means the entiere configuration is described on dockercompose.yml Thanks by advance for your attention,

500 error debugging

Is it possible to create an oauth2 provider with supertokens??

I want to say thank you to the Supertokens team! I have been integrating Supertokens into a legacy Sails app, and the experience has been good. I have found solutions in the docs to any problems. The story behind this is that I noticed my client having extremely bad password security, so I suggested we switch to Auth0 which they agreed to. Once I had Auth0 integrated (long journey, the app used its own sessions and users so I had to remove all that), I noticed I was getting quickly rate limited when fetching user data for normal site requests. I figured this would be solved once we started paying for Auth0, but then I dug into the pricing... 😬 oh boy. Super expensive. At this point I started looking for a self-hosted alternative and found Supertokens! Since the app is already decoupled from sessions and users, it is pretty simple to dump Auth0 and integrate Supertokens.

@rp is grpc golang example ready

Golang grpc example

How to implement Multi Factor Authentication with super tokens

2fa

What is the recommended way for using supertokens in flutter... Since the flutter SDK is deprecated

How do we use supertokens with sveltekit??

Hey @rp I was wondering how different microservices will authenticate request. Found this https://stackoverflow.com/questions/49836268/how-to-deal-with-authentication-in-a-micro-services-architecture

Just curious on https://supertokens.com/docs/emailpassword/common-customizations/sessions/securing-component, why is the component which checks the session and redirects to auth routes specific to a recipe?

was just wondering has anyone managed to get supertokens working with sqllite

instead of using postgres or mysql

You should see this https://discord.com/channels/603466164219281420/603466164219281426/978668626515222549

ah i see

so there is no way to get it working with something like this https://litestream.io/?

Well, you could always fork the core and make changes to the in mem db to write to a file as opposed to being in mem. Other than that, you will have to wait for our generic SQL support

ok ok

would you consider merging if i wrote a PR to support this?

Unfortunately we wouldn’t add it to the main core. Since we are already working on another solution that would support all SQL dbs. So adding this would just mean that we would have to get rid of it anyway in a few months time.

@aylmao actually on second thought, it might be useful to have this put in the core until we have the generic solution. Since others have asked too. It would be a good mid way until then.

For signing of JWT is there support for other algorithms like EdDSA

JWT signing algorithm

I was try the example of jackson with supertokens, it works fine with the ThridPartyEmailPassworf recipe but when i use just the ThridParty recipe after successful saml authentication , the signup post does not seems to create the user

duh 😅 found the issue the , override of signInUpPOST was calling the thirdPartySignInUpPOST (this was undefined) rather than the original signInUpPOST function

Hi! I'm trying to login with the Google provider and it works, but upon login an error is thrown in the console from supertokens axios: Error: Request failed with status code 400

Why am I getting this error? Same setup was working fine locally on my other machine.

Conceptually speaking, would there be an issue with running multiple ST core instances against the same DB? For example, you have a load balanced API with multiple instances, and you (hypothetically) would create a new node by spinning up an image of your app together with the ST core process (where all the ST cores point to the same DB, and use the same config ofc). Would that work, or does the ST core process hold some state within memory which would make it unfeasible?