I see, yes I get that! thanks!

So normally you would want to store your user’s sensitive data only in your backend. And not theirs.

Yeah

But this depends on what they offer and what you want to use them for.

Okay got it

Cool

Hey guys, another question here: Im considering rewriting my application from REST to GraphQL and removing Redux in favour of Apollo. I use React Native on the front end. Does super tokens RN work better with Redux or can it be done just the same without? Do you recommend GraphQL from a security standpoint and also in terms of working with SuperTokens?

SuperTokens would work equally well with or without graphql/redux. Their usage is nothing todo with security.

U can choose whatever you want, and SuperTokens will work just fine!

Hey, I got a question about how SuperTokens was built itself. Did you happen to use functional programming techniques in the development of SuperTokens?

Yup. We did. Our node implementation uses some cool promise based functional programming. There are also other concepts like usage of map, filter etc etc.. finally, using callbacks is also considered as functional programming.

Bleeding edge hahah, did you happen to aim for pure functions or was that not a priority?

I mean we used typescript for that, so we used object oriented and functional programming as we saw the need

Hmmm, cool. Im just learning about it now and was curious! 😄

cool!

Hello guys. do you know when you will release the iOS framework ?

By the mid to end of October.

If you need priority implementation, then we can come to some sort of arrangement for that.

ok great. and to understand the how work supertoken. Can we just start by using it over our api REST call without the iOS or Android framework ? This is a stupid question but just wanted to know lol

yes you can. But you will have to handle the refreshing the session part yourself manually on the frontend (which is what our SDK does).

ok it's was i understand after reading your doc. Nice.

thank you! feel free to ask questions here 🙂

hello rishabh

Super what you have made is literally amazing

just one thing if we have provision for adding our own configuration that would be amazing

Because every organisation has different use case with their authentication needs

Hi Ghost! Welcome to SuperTokens community and thanks for the feedback. Could you please elaborate? Is there any specific configuration you're looking for?

if the refresh token isn't hashed couldn't database acces be dangerous?

or would that be mitigated by the storing of old hash?