Please also share the stack trace.

got it

Can i see the error stack trace please?

I'm setting up the backend with NestJS and testing it with Postman: https://prnt.sc/Ra6_sAz02hYG - I can correctly start a new flow.

ts
Passwordless.init({
 flowType: 'MAGIC_LINK',
 contactMethod: 'EMAIL',
 createAndSendCustomEmail: async (input, context) => {
  console.log('sent email', input, context);
 },
}),

- having this as passwordless recipe configuration, this -

sent email {
  codeLifetime: 900000,
  email: 'test4@revodigital.it',
  preAuthSessionId: '4M1rdHhXRMuckNDhGmqTM-rZ6I_kyqR1i_WnOGr8eT4=',
  urlWithLinkCode: 'https://revodigital.it/auth/verify?rid=passwordless&preAuthSessionId=4M1rdHhXRMuckNDhGmqTM-rZ6I_kyqR1i_WnOGr8eT4=#WHC1Jc6GlQ_awnN1A3o_LB7lpC0JOpY85MHWxcZLLVM=',
  userInputCode: undefined
} {}

is the

console.log

output. I seem to understand that urlWithLinkCode's preAuthSessionId parameter is returning

{preauthSessionId}#{linkCode}

, formatted as shown because as you can see - https://prnt.sc/a49KsLwwca-R - it's the only way it works. https://prnt.sc/O0rDyAlOnrDc Is this an issue? Is it known? Another question is, shouldn't I get cookies as a response? https://prnt.sc/7rq7gDL4Lp0- / https://prnt.sc/4C4djB1Cb573

im using the sign up form in the admin dashboard to create a user, but I don't think its a good idea since I want to create a random password on the backend, and I want the admin to be able to select an option from a pre-populated list in the form (after looking , i don't think that i can do that by changing the formFields object , correct me if im wrong please) so is it better if I just create my own sign up form and use the sign up API in the backend or what? for the login part all is good

Yea. I think it would be best you make your own sign up form in this case.

thanks!

Do I need to do anything special to make the refresh token work with graphql? signin works just fine, but once the access token expires apollo just errors out. I tried adding an error handler and manually calling SuperTokens.attemptRefreshingSession(), but even then it does not work. Standard get/post requests work just fine. Am I missing something?

GraphQL Refresh Error

what is this table "user_metadata" exactly made for?

it's to store user metadata. userId -> to some random JSON.

The APIs are exposed from the core's side, but we are yet to make changes on the SDK level to provide functions for them. But you can use the core APIs directly for this.

Super Tokens Core (self-hosted) and postgreSQL: password authentication failed

how can I make my backend return non-secure cookies (access and refresh) in order to enable testing on localhost?

Can I override the user interface, and the signUp function?

/* 
    * Called to sign-up a new user
    * 
    * @params: email
    *          password
    * 
    * @returns: "OK": on successfully signing up the user
    *           "EMAIL_ALREADY_EXISTS_ERROR": if the email is already been used
    */
    signUp(input: {
        email: string;
        password: string;
    }): Promise<{ status: "OK"; user: User } | { status: "EMAIL_ALREADY_EXISTS_ERROR" }>;

[Paswordless, plain JS, own UI] When checking if the session exists with doesSessionExist, a call is made to /auth/session/refresh. There's no further detail in the documentation about how to implement this. Seeing your FDI OpenAPI spec, there's a /auth/session/refresh. Should the first forward the request to the latter? :/

doesSessionExist

Hello, i would like to know if it is possible to use the selfhosted react App from the Github in combination with another frontend app with a different framework? I'm currently using VueJS for Frontend and have not worked with react before. Could I host the Loginpage as an react app seperately and direct to it from my vueJs frontend? If yes, what do I have to return to my frontend after the authentication? Is the session stored in cookies or something like that?

Hi, really sorry to bother you again. I'm setting up supertokens backend in NestJs using passwordless recipe email magic link only, no otp. How am I supposed to manage the urlWithLinkCode gotten here?

ts
Passwordless.init({
 flowType: 'MAGIC_LINK',
 contactMethod: 'EMAIL',
 createAndSendCustomEmail: async (input, context) => {
  console.log('email sent', input, context); //pretending I'm sending an email
  // outputs
  // email sent {
  // codeLifetime: 7200000,
  // email: 'test4@revodigital.it',
  // preAuthSessionId: 'hAJ3OURx4rtUb4ylrheRZm0ADBEwJ8KD8rYsb__yIqQ=',
  // urlWithLinkCode: 'http://localhost:3012/auth/verify?rid=passwordless&preAuthSessionId=hAJ3OURx4rtUb4ylrheRZm0ADBEwJ8KD8rYsb__yIqQ=#CO7FrG4PX6cpoYeOdGxuFQ9pbjJFilDs2mGK08wdNMo=',
  //userInputCode: undefined
  //} {}
 },
}),

Should I create an endpoint handling

/auth/verify

? How would I get the linkCode then?

@User That should be handled by the frontend SDK

I don't think I'm getting it, 1. Frontend generates a new code with POST

/auth/signinup/code

2. Backend sends email to user -> URL contains preAuthSessionId andlinkCode Are these two steps correct? If yes, what is the user supposed to do with the email?

When running on localhost is there a way to remove “Secure; HttpOnly” from the returned Cookies?

What is the difference between overriding an api vs overriding a function? For example consumeCode as a function vs consumeCodePost as an api? What are the intended use cases for each option?

overriding question

Is there anyway to persist data between requesting a passwordless code and confirming it? My use case is a user signs up with first name, last name, and email. When the code is confirmed I then need to store the first name / last name against the created user.

Yes. You can save the data either on the frontend localstotage, or in the db against the preAuthSessionId

The preAuthSessionId is generated in the create code API and is sent in the consume API

If you are using magic links, it’s better to store in db cause the user can open the magic link on another device.

For OTP based, you can store that info in local storage and send it in the consume code API