Can a SuperToken dev take a look at this and let me know which is the best way to "connect provider" with XenForo and SuperTokens https://xenforo.com/community/resources/th-connected-account-providers.8488/

XenForo

Hey, I'm trying to setup Apollo graphql + Nest.js by following the guide, and I manage to get the session info on a controller using the Auth guard and Session param decorator (from the guide) but not on a resolver. I tried (with inspiration from the graphql integration guide) to use a CanActivate guard and access the session with

GqlExecutionContext.create(context)

and also tried injecting the session param to the resolver with

export const User = createParamDecorator(
  (data: unknown, ctx: ExecutionContext) => {
    const x = GqlExecutionContext.create(ctx);
    const context = x.getContext();
    return context.session;
  },
);

with no success and couldn't find any code example that combines graphql + nest

Hi! Question about redirecting after sign in...

Hello, I have a specific question about UserIdMapping. I use ThirdPartyPasswordless recipe, which means that users can logIn from both of these with the same email. The issue I am facing is that my externalUserId is the same for both of these and my setUserIdMapping is violating the unique constraint "userid_mapping_external_user_id_key. Is there a way to remove this constraint, and is it safe ?

I noticed that the Auth0 external id (

sub

) for the google provider was

google-oauth2|<ID>

. Now with supertokens I am building this within

createNewSession

, for mapping the accounts.

const externalUserId = user.thirdParty ? `${user.thirdParty.id}|${user.thirdParty.userId}` : null;

I noticed that

user.thirdParty.id

, here is

google

and not

google-oauth2

. Is it safe for me to simply replace the

google|

part with

google-oauth2

, is the

<ID>

part of the auth0 sub stable?

Remove user ID mapping unique external user ID constraint

Create auth0 user ID mapping

Is the email template tied to the SMTPService class? I want to enqueue the email to an HTTP endpoint (also easier to integration test) instead of directly connecting to SMTP

In https://supertokens.com/docs/thirdpartypasswordless/quick-setup/backend, the documentation to generate keys tells to set the authorisation callback to auth/callback/{provider} except for Apple where it is api/callback/apple. Is it a mistake or is it supposed to be different ?

I'm using Supertokens with Expo (React Native). I was wondering how do I run the app in production. Like what do I bet for websiteDomain in the api.

Is it possible to have more than one recipe (for example one with Social, the other with Passwordless)? Either dynamically on the same signin page, or two different routes, either way would work I suppose. Or am I getting into custom UI territory?

hey, both the Handle Event (https://supertokens.com/docs/thirdpartyemailpassword/advanced-customizations/frontend-hooks/handle-event) and the Redirection Url (https://supertokens.com/docs/thirdpartyemailpassword/advanced-customizations/frontend-hooks/redirection-callback) hooks don't comply with the TypeInput input type for init function

type error with hooks

Hi team, super excited to test out supertokens. However I'm having issues at the first hurdle. It seems that supertokens middleware is not generating the auth routes on nestjs (express) as it promises to do. Minimal repro code:

import { Logger } from "@nestjs/common";
import { NestFactory } from "@nestjs/core";
import { init } from "supertokens-node";
import { middleware } from "supertokens-node/lib/build/framework/express";
import Session from "supertokens-node/recipe/session";

import { AppModule } from "./app/app.module";

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  const port = process.env.PORT || 3000;
  await app.listen(port);

  app.use(middleware());

  init({
    framework: "express",
    appInfo: {
      appName: "codestacks",
      apiDomain: "http://localhost:3000",
      websiteDomain: "http://localhost:4200",
    },
    supertokens: {
      connectionURI: "http://localhost:3567",
    },
    recipeList: [Session.init()],
  });

  Logger.log(`🚀 Application is running on: http://localhost:${port}`);
}

bootstrap();

The expectation is now that

http://localhost:3000/auth/signup

etc.. will now be created. However when using postman or curl to POST the routes are 404. Similarly, if you point the supertokens FE at this api domain it is similarly returning 404 in the network request coming from the supertokens UI. FYI same thing happens if I follow the actual nest setup with in the guide with an AuthModule - however I suspect that should not make a difference to the minimal repro code above, its just "nestifying" the middleware, it should work the same in both scenarios AFAIK.

NestJS routes missing issue

How is the password verification enforced on the backend? Currently it is kind of only enabled via the frontend by setting the

emailVerificationFeature

option on the frontend? 🤔

Does supertokens sdk(Im using Go) has an option for me to query the third parties api for more information other than the user's email? like for example getting the user's first and last name from google? Or my only way is to query their API myself with the access token im getting in the server during the signInUp method?

Hi, is there a way to know how the user signed up (emailpassword or thirdparty)

Knowing a user’s sign up method

Hey! Is it possible to customize the spinner? I wanted to make it look more like the other spinners in my app. 😀

Returning to an earlier question, we're working on writing end-to-end tests for our frontend application including social auth (this is an area that has broken frequently before). Do you test these integrations on your end, and what approach do you use? The problem we're running into is that GitHub issues challenges on "automated" log ins.

Customise spinner

Last question for today 😅, how can I configure my SMTP with username/password credentials ? I can't find a way to give the username

Hi, you described that using your access token is more secure than JWT. But on your site not so many reasons why and its a problem. So can you write a bit more detailed comparison between your access token and JWT?

Hey. I am Karan from foodmarkethub. I am facing a issue where I am trying to set a null value for a session variable inside jwt hasura claim and after calling Session.createJWT(JWT, JWT_EXPIRE_TIME), I am getting error stack:'Error: Request failed with status code 500' . I want to set it to null in order to verify some permissions on hasura end. Can anyone please help with this?

Session.JWT(JWT_EXPIRE_TIME)

how do i get getUserInfo to work

Question - whats the best pattern for implementing a post signup event, and similarly whats the best pattern for fetching the user after signin (in particular if the user data is stored in a different custom table) and adding the user data to the req.session. Effectively when someone signs up I'd like to create a custom user entity in a different table, and then fetch it again whenever the session is created or refreshed and make it available on the request