Hey @everyone we have made a new release:

supertokens-node (v4.3.0): 
- Added a method for optionally doing session verification on a per API basis (docs: https://supertokens.io/docs/session/common-customizations/sessions/session-verification#optionally-verify-a-session)

supertokens-auth-react (v0.9.0) (breaking change because of breaking changes in supertokens-website):
- When using an auth wrapper around your route components, it now provides a session context to all the children components which makes it easy for them to get session information (docs: https://supertokens.io/docs/session/common-customizations/sessions/user-information-front-end)

supertokens-website (v6.0.0) (breaking change) - this is also used within supertokens-auth-react:
- Bypassing cookies (that are set on the frontend set) restriction imposed by browsers like safari and brave - they capped cookie lifetime to 7 days, preventing sessions to be active for more than 7 days. We bypassed this by using localstorage instead (note that we still use httpOnly cookies for access and refresh tokens, so there is no compromise in security).
- (breaking change): getUserId and doesSessionExist now return Promises

I urge everyone to use the latest versions of the frontend SDK so that they their session lifetimes are not restricted by the browser's limitation.

Hey @everyone we have added a documentation section for managing user roles with sessions: - Thirdpartyemailpassword: https://supertokens.io/docs/thirdpartyemailpassword/common-customizations/user-roles/assigning-users-roles - Thirdparty: https://supertokens.io/docs/thirdparty/common-customizations/user-roles/assigning-users-roles - Emailpassword: https://supertokens.io/docs/emailpassword/common-customizations/user-roles/assigning-users-roles - Sessions only: https://supertokens.io/docs/session/common-customizations/user-roles/assigning-session-roles NOTE: No code changes, only doc changes 🙂

Hey @everyone we have released a new version of the core (v3.4). If you are using v3.3, it is a non breaking change. The version has the following changes: - Upgrades to use Open JDK (15.0.1) from the older version (12.0.2) - Supports passing connection uri for mysql and postgresql (https://github.com/supertokens/supertokens-core/issues/221) - Enables mongoDB connection to work with

mongodb+srv

style URIs (https://github.com/supertokens/supertokens-core/issues/203) - Allows you to change the names of the tables managed by SuperTokens by specifying a common prefix to the table names (https://github.com/supertokens/supertokens-core/issues/220) - Support for ARM based architecture - so if you are running a Mac with the new M1 chip, the new docker images should work on them.

@everyone new releases: supertokens-auth-react (v0.9.1): - Fixes issue with not showing sign in / up errors if social login is used during thirdpartyemailpassword login. - Allows for custom error message to be showing due to sign in / up failures during social login. supertokens-node (v4.3.2): - Allows custom message to be sent to the frontend in signinup API which is used for social login.

new release: supertokens-node (v4.3.3): - Does not require bodyParser to be explicitly used in serverless functions.

@everyone new fix for supertokens-node bug. - If you are using version 4.3.3, please upgrade to version 4.3.4. - If you are using version 4.4.0, please upgrade to version 4.4.1. This bug will affect NextJS users who have experienced APIs that we expose not being responsive. -------------- Also, we have released docs explaining what the various parts of

appInfo

object mean: https://supertokens.io/recipe-redirect?to=appinfo

new release: supertokens-auth-react (v0.10.1): - Fixes issue https://github.com/supertokens/supertokens-auth-react/issues/240

hey @everyone new release:

supertokens-node (v5.0.0):
- Changes: https://github.com/supertokens/supertokens-node/blob/master/CHANGELOG.md#500---2021-05-02
- If using `enableAntiCsrf`, please use `antiCsrf` instead. Please see https://supertokens.io/recipe-redirect?to=/common-customizations/sessions/anti-csrf for more information.

supertokens-auth-react (v0.11.0):
- Changes: https://github.com/supertokens/supertokens-auth-react/blob/master/CHANGELOG.md#0110---2020-05-02
- Fixes sharing of session across sub domain on Safari + bypasses some of the restrictions imposed by Safari due to their privacy features.

supertokens-website (v7.0.0):
- Changes: https://github.com/supertokens/supertokens-website/blob/master/CHANGELOG.md#700---2021-05-01
- Fixes sharing of session across sub domain on Safari + bypasses some of the restrictions imposed by Safari due to their privacy features.

- Please note that if you are upgrading either

supertokens-auth-react

or

supertokens-website

, you will need to upgrade

supertokens-node

too and vice versa. - If you need to share a session across sub domains, you will want to use this new version.

New release - supertokens-auth-react (v0.13.0): - Support for sessions within iframes: https://supertokens.io/recipe-redirect?to=/common-customizations/sessions/in-iframe - Uses a

^

for all dependencies to fix https://github.com/supertokens/supertokens-auth-react/issues/248 Note that it has no breaking changes.

hey @everyone new docs for testing backend APIs (exposed via our SDK) using Postman: https://supertokens.io/recipe-redirect?to=/testing/testing-with-postman. This includes calling the sign up API, session verification, refreshing, and logout API.

@everyone new video tutorial for thirdpartyemailpassword recipe: https://supertokens.io/docs/thirdpartyemailpassword/quick-setup/video-tutorial

hey @everyone , we have made our docs open source as well: https://github.com/supertokens/docs So we can now accept docs fixes / contributions too. Please read the CONTRIBUTING.md file to get started: https://github.com/supertokens/docs/blob/master/CONTRIBUTING.md

hey @everyone . For managed service users, we have added a button that allows you to export registered users as .CSV file. There is one button for dev instance, and one for production instance.

New release (non breaking): - Ability to query multiple API domains and have session work across them (with automatic refreshing). The one constraint is that all the API domains must have the same top level domain. Docs here: https://supertokens.io/recipe-redirect?to=/common-customizations/sessions/multiple-api-endpoints - supertokens-auth-react (v0.13.2) - supetokens-website (v7.2.0)

Hey @everyone Here are the details of our latest release: https://github.com/supertokens/supertokens-core/issues/261#issuecomment-863011660 We have added a new "override" feature to supertokens-node, supertokens-auth-react, and supertokens-website repos, which allows you to customise the default behaviour of supertokens in a powerful way.

hey @everyone , new docs for APIs that are exposed via the core and the backend SDK: https://supertokens.io/docs/community/apis

@everyone new release for node SDK (v6.0.2 - non breaking): - Fixes an issue that allowed third party sites to log out users by calling the

/auth/session/refresh POST

endpoint without providing anti-csrf protection. More info about this here: https://github.com/supertokens/supertokens-node/issues/141. If you are using an older version of the supertokens-node SDK, that can't easily be upgraded to 6.0.1, then please DM me so that we can provide this fix for your version as well.

Hello @everyone New releases! supertokens-auth-react@0.15.0 Fixes: - SVG icons styling issues - In

emailVerificationAuth

, queries is email verified only if session exists -

redirectTo

query param will be respected when visiting auth page, if session exists - Remove UI rendering lag when using auth recipe components (

EmailPasswordAuth

,

ThirdPartyAuth

,

ThirdPartyEmailPasswordAuth

) - Fix component overrides rerendering Features: -

SessionAuth

can be nested inside another

SessionAuth

-

SessionAuth

will automatically update context with new data when session changes -

onSessionExpired

prop on

SessionAuth

,

EmailPasswordAuth

,

ThirdPartyAuth

and

ThirdPartyEmailPasswordAuth

-

SESSION_CREATED

event can be listened to in

onHandleEvent

hook. Breaking changes: - The components override API has changed from

(DefaultComponent) => (props) => React.Element

to

({ DefaultComponent, …props }) => React.Element

. - If a component is wrapped in an auth wrapper with

requireAuth={true}

, and

onSessionExpired

prop is not provided, then the user will be automatically redirected to the login screen when session expires. supertokens-website@8.1.0 Features: -

SESSION_CREATED

event is fired whenever new session is established (going from state with no session to state with session)

hey @everyone new version of core (v3.5.0) and supertokens-node (v6.1.0) are out: New functionality: - get users (who signed up with social login) using their email ID. - updating of email or password of a user who signed up with email + password. - delete unused email verification tokens + unverify an email for a user. To use the above, you will need to update your core to v3.5.0. In doing so, you will need to run a few db migration commands (DM me to know them). If you are using the managed service version and would like to get the new core, DM me.

@everyone new release for the node SDK (v7.0.0) (breaking changes list is here: https://github.com/supertokens/supertokens-node/blob/master/CHANGELOG.md#breaking-changes). If you are not using the session error handler callbacks, then this is a non-breaking change. The major change is that we now support for non express frameworks for node js - aws lambda / netlify, hapi, fastify, koa and loopback. There are also new docs for it.

@everyone We have just released a new golang SDK: https://github.com/supertokens/supertokens-golang

@everyone new version of core (v3.6.0) & backend SDKs released: Core's new feature: 1) Able to configure email verification and password reset token's lifetime via the core's config.yaml file / docker env vars. 2) Support for multiple access token signing keys so that there is no spike in the refresh API calls when an access token signing key has changed (performance optimisation) Backend SDKs: - Changes to work well with (2) from above. The changes in the backend SDK are non breaking. To move from an older version of the core to the current one, there are a few db schema changes: a) New table called

session_access_token_signing_keys

b) New table called

jwt_signing_keys

c) For users of postgresql, there is a change in the type of

user_id

column in the

emailverification_verified_emails

and

emailverification_tokens

tables -> from

varchar(255)

to

varchar(128)

The db schema changes should happen on their own when you start the new core version, except for change in (c). But that is not a necessary change to make 🙂

The examples from supertokens-demo-react have been moved to over here: https://github.com/supertokens/supertokens-auth-react/tree/master/examples

@everyone we have released a new feature: On the managed service, for the dev env, you can now access your database credentials and connect to the db to inspect / edit the info

@everyone A few updates: - We have updated our frontend react-native SDK (v2.0.0) to work with the latest backend SDKs and core. We have also added docs for it on our website. - We have changed the SDK reference docs format to make it more extensive: ---> NodeJS: https://supertokens.io/docs/nodejs ---> GoLang: https://supertokens.io/docs/golang ---> ReactJS: https://supertokens.io/docs/auth-react ---> Website SDK: https://supertokens.io/docs/website ---> React Native SDK: https://supertokens.io/docs/react-native

@everyone , we have released support for python SDKs, supporting Flask, Django and FastAPI.

@everyone new features for the managed service dashboard: - see number of active users for a given time period - access to postgresql db that's being used for the dev instance - see estimated billing for the upcoming month if the number of active users in prod env is > 5,000

@everyone , our supertokens-auth-react package (>= v0.17.5), now works with react-router-dom v6 & v5.

@everyone we have made an API status page: https://supertokens.instatus.com/ This can be used to monitor our uptime for our: - website - email sending service (for email verificaiton and password reset emails) - Managed service (dev and prod env) You can connect this to your email or slack to get notifications on downtime issues.