• s

    sunil

    1 year ago
    I was planning to use supertokens for session management. Does supertokens currently support Java?
  • r

    rp

    1 year ago
    @User we don't have a java SDK at the moment. But you can integrate with the supertokens core directly using its API
  • s

    sunil

    1 year ago
    oh ok @User
  • r

    rp

    1 year ago
    The API spec for the core can be found here: https://app.swaggerhub.com/apis/supertokens/CDI
  • ?

    user

    1 year ago
    Good evening! I had a question about this article: https://supertokens.io/blog/implementing-a-forgot-password-flow and was hoping for some clarification.
  • ?

    user

    1 year ago
    The hashed token is stored in the database, and the "non-hashed" token is what is sent in the email link. Could someone explain to me why the raw token is used in the email, and not the hashed token? Are there any security implications by using the raw token vs. the hashed token in the email link?
  • r

    rp

    1 year ago
    We want to store the hashed token in the db because in case the db is leaked, the user can't use those hashed tokens to reset the user's password - since the input token to the API is hashed before being checked in the db. So if we were to send the hashed token via email, the input to the API would be hashed again, and therefore we would be checking hash(hash(raw_token)) as opposed to hash(raw_token) (which is in the db).
  • ?

    user

    1 year ago
    Oh that makes sense! Thank you for clarifying.
  • ?

    user

    1 year ago
    Hi, is there any way to obtain long lived access tokens?
  • r

    rp

    1 year ago
    hey @User yea. You can configure the access token's lifetime to be any amount: https://supertokens.io/docs/session/common-customizations/sessions/change-session-timeout The one constraint is that the access token's lifetime has to be less than the refresh token's lifetime - but you can also configure the refresh token's lifetime (see same link as above)