oh snap, this is great. https://www.typescriptlang.org/docs/handbook/2/narrowing.html thank you

Hi Team , Do super token supports login via sms otp?

Yes. It does. Have a look at https://supertokens.com/docs/passwordless/introduction

Thanks @User

Hi, I still don't understand how to make a request from the server (getServerSideProps) in nextjs 😦 thanks

When you make a call to

/studies

, you are essentially doing machine to machine request. This is different from frontend (website) to machine request. Frontend -> machine requires session management like how we have Machine -> machine requires API key. So when you make a call to

/studies

, you can pass in a secret API key along with the userId (which you can get from

session.getUserId()

)

So do I need to make modifications to my api? (fast api)

Is this API only going to be called from nextjs API layer? Or even the frontend?

only nextjs

nextjs API layer you mean?

Or even the react code on the frontend?

Yes sorry I'm quite new to React and I'm still a bit lost, this is the APi that I'm going to have to get the data to represent it in the frontend.

but I wanted to take advantage of the power of nextjs and make the api calls from the server (getServerSideProps).

not from frontend with useEffect()

Right. In that case, you want to change the python API to have two modes of authentication. One via our

verifySession

function and one via some API key method. If that API is called from your react code, it will depend on the

verifySession

function for auth. If it's called from

getServerSideProps

, it will depend on the API key for auth.

umm ok understood 🙂 I thought there was some kind of interceptor that works and validates with the verify_session(). Do you have any guide to follow with this way?

We don't have a guide for API keys - but there are plenty online. You might also wanna set session_required: False when calling

verify_session

so that

getServerSideProps

can call it with an API key

Um yes, it could be an option. Thank you very much for everything

@User , we have released a new version of the core and backend SDKs which will allow you to add a prefix path to the core's APIs: https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/core/base-path This should help you with your setup. Thanks for the feature suggestion.

Wow. You guys are fast. 😅 Great job. It's implemented very naturally, by just reusing the connectionUri option. That was how I first tried it, expecting it would just work. 😁 Just a heads up, you have some strings there as

some-prexif

where it should read

some-prefix

.

oh right! thanks.

typo.. hehe

Hey guys, great product! Looking at https://supertokens.com/docs/session/common-customizations/sessions/multiple-api-endpoints#step-1-backend-config and https://supertokens.com/docs/session/common-customizations/sessions/share-sessions-across-sub-domains. What is the difference between those two settings?

hey! So the api-endpoint one is on the backend and the sub domain one is on the frontend.

Does it mean that two sessionScopes could exist for the same user session?

So the frontend

sessionScope

setting basically says that share the session across all sub domains

So it will be one session shared across all sub domains.

What is the recommended way to setup supertokens if we have one backend that is the api and another backend for frontend (nextjs that is not mutating the sessions but should get access token payloads)?

Is the api domain and the next JS domain on different top level domains? Or just different sub domains?

Different sub domains