no worries 😄 I think this needs better documentation, this is actually very valuable feedback, so: thanks 🙂

By the way: Here is the snippet of the auth service i implemented where i inject dependencies in NestJS e.g. when overriding signUp callbacks and want to do some action on other services.

auth.service.ts

ts
import supertokens from 'supertokens-node';
import EmailPassword from 'supertokens-node/recipe/emailpassword';
import Session from 'supertokens-node/recipe/session';
import { Injectable, Logger } from '@nestjs/common';

@Injectable()
export class AuthService {
  constructor(private userService: UserService) {
    supertokens.init({
      supertokens: {
        connectionURI: 'http://localhost:3567',
      },
      appInfo: {
        appName: 'My App',
        apiDomain: 'http://localhost:3000',
        websiteDomain: 'http://localhost:3001',
      },
      recipeList: [
        EmailPassword.init(),
        Session.init(),
      ],
    });
  }
}

auth.module.ts

ts
import { DynamicModule, MiddlewareConsumer, Module, NestModule } from '@nestjs/common';
import { UserService } from 'src/user/user.service';
import { AuthMiddleware } from './auth.middleware';
import { AuthService } from './auth.service';

@Module({
  providers: [AuthService, UserService],
  exports: [],
  controllers: [],
})
export class AuthModule implements NestModule {
  configure(consumer: MiddlewareConsumer) {
    consumer.apply(AuthMiddleware).forRoutes('*');
  }

  static forRoot(): DynamicModule {
    return {
      providers: [],
      exports: [],
      imports: [],
      module: AuthModule,
    };
  }
}

This instanciates the AuthService as a singleton with access to all provided services.

The weekend is coming and i call it a day. Thank you for all the help and work you put in this! Have a nice weekend!

@User , so just to clarify, you can disable the sign up API as follows:

EmailPassword.init({
    override: {
        apis: (oI) => {
            return {
                ...oI,
                signUpPOST: undefined
            }
        }
    }
})

Finally, you can manually sign up users like this:

let signUpResponse = await EmailPassword.signUp("email", "password");

if (signUpResponse.status === "OK") {
    let user = signUpResponse.user;
    // TODO:...
} else if (signUpResponse.status === "EMAIL_ALREADY_EXISTS_ERROR") {
    // TODO: handle this error
}

And as @User said, the above works because

EmailPassword

is a singleton. Thank you @User

have a nice weekend @User 🙂

Hi, just updated core, react and node to the latest versions (3.6, 0.15.9 & 7.1.0)

I am using nextjs

I had to update the "pages/api" sections to use the "verifySession" function

and did a bit of testing by reducing the expiry for the access token

And does it work as expected?

before the code change the pages/api functions used to return return { props: { fromSupertokens: 'needs-refresh' } }

so when the access token expired then the page would refresh and get a new access token using the refresh token

and it does return a 401

but I guess

we need to add onSessionExpired

to the ThirdPartyEmailPasswordAuthNoSSR

and then handle that within a function

For getServerSideProps, you should still continue to use

getSession

as shown here: https://supertokens.io/docs/thirdpartyemailpassword/nextjs/session-verification/in-ssr

yes I still use that in getServerSide props

This is not needed as such.

did not change those

ahh.. then maybe i misunderstood what you are trying to say

it is the pages/api

cause the

{ props: { fromSupertokens: 'needs-refresh' } }

is only meant to be handled for when using

getServerSideProps

yes

but when using verify session

if access token

expired