Do not create a session on API failure

It looks like SuperToken cookies are exceeding the permitted limit. I'm getting this error: "Set-Cookie header is ignored in response from url: http://localhost:4000/auth/session/refresh. The combined size of the name and value must be less than or equal to 4096 characters."

Cookie session don't seem to work for iOS 15 when API is on subdomain. As you can see the signin works and responds with the cookie but the immediate refresh token requests simply fails

Is a session key property with the value

null

omitted from the token payload?

Value null in session

Hello, is there a

client_credentials

like alternative on login strategy ? I know there is user/password which can be use but I think have property name like clientId clientSecret it would be better. What I want is be able to do machine2machine auth. https://auth0.com/blog/using-m2m-authorization/ this is an example

Hi, I am trying to add an API key to my core docker-compose, should I juste add

API_KEY: ${SUPERTOKENS_API_KEY}

to the environment section ?

Hi, is it possible to trigger sending the email verification mail through the backend sdks?

Hi @rp, I have 2 requirements, 1. I have set up super token core and backend integration with SDK, and everything works 🙂 . But, how do I enable the dashboard? 2. Assume if I pass the accessToken as a header instead of setting it in cookie for session verification, is there any function in the sdk that takes accessToken as a string and validates it?

Hi, How can I rewrite the Set-Cookie to a custom header using the python SDK? I used this example for node: https://github.com/supertokens/supertokens-auth-react/blob/master/examples/with-localstorage/api-server/index.ts But how can i access the response in python (fastapi)? Here is my code:

python
def override_session_functions(oi: RecipeInterface):
    original_create_new_session = oi.create_new_session
    original_refresh_session = oi.refresh_session
    original_get_session = oi.get_session

    async def create_new_session(request, user_id, access_token_payload, session_data, user_context):
        session = await original_create_new_session(request, user_id, access_token_payload, session_data, user_context)
        _update_headers_in_request(request)
        return session

    async def refresh_session(request, user_context):
        _update_headers_in_request(request)
        session = await original_refresh_session(request, user_context)
        _update_headers_for_response(...) # How to get response to provide it here?
        return session

    oi.create_new_session = create_new_session

    return oi

Dashboard and access token custom header

Accessing response object in python

Question about sharing sessions across subdomains...

How do I trigger the email verification workflow when a new user is created using only the backend SDKs? Currently we have a proxy lambda handling requests but since this handles all request types I don't know when a particular invocation is a sign up or a login or a password reset.

Hi, After adding values for expose_headers to my CORS Middleware (Python/fastApi), the login form (React) is not working anymore. After clicking login, the page refreshes but i am still on the auth page. After removing the expose_headers it works fine.

python
api = CORSMiddleware(
    app=api,
    allow_origins=[
        "http://localhost:3000"
    ],
    allow_credentials=True,
    allow_methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
    allow_headers=["Content-Type", SUPERTOKENS_HEADER] + get_all_cors_headers(),
    expose_headers=[SUPERTOKENS_HEADER]
)

The value for SUPERTOKENS_HEADER is

x-st-cookie

but i am still using the default cookie implementaion at this time.

Expose header issue

Hello, i have a problem. When I log out of one account and then log in into another one, it somehow pushes me to the first account. What could be the problem? Doesn't sign out function revoke the session?

NextJS Session Recipe Documentation

Hello, I am getting a error after logout. I am using the python sdk with fastapi. This is the error message:

...
File "/home/.../app/venv/lib/python3.9/site-packages/supertokens_python/recipe/session/api/implementation.py", line 46, in signout_post
    session = await api_options.recipe_implementation.get_session(
TypeError: get_session() got an unexpected keyword argument 'anti_csrf_check'

I know it's a saturday, so maybe eventually when someone is available, I'm a little confused about the React session timeout behavior, which is yielding a white-screen when my user's sessions time out. More in the thread.

Python get session error

i'm having a bunch of cors issues when following the email password recipes and using https://try.supertokens.com as the connectionURI

not sure if anyone can help or has had the same problems

I get the following error when i try to sign up with a user: Error: No SuperTokens core available to queryError: No SuperTokens core available to query Setup: I am self hosting a core, without docker on my mac. (It should be running, i can get the hello message when visiting /hello) The connection to my postgresql is successful (the default supertokens tables have been generated)

Can a SuperToken dev take a look at this and let me know which is the best way to "connect provider" with XenForo and SuperTokens https://xenforo.com/community/resources/th-connected-account-providers.8488/

XenForo

Hey, I'm trying to setup Apollo graphql + Nest.js by following the guide, and I manage to get the session info on a controller using the Auth guard and Session param decorator (from the guide) but not on a resolver. I tried (with inspiration from the graphql integration guide) to use a CanActivate guard and access the session with

GqlExecutionContext.create(context)

and also tried injecting the session param to the resolver with

export const User = createParamDecorator(
  (data: unknown, ctx: ExecutionContext) => {
    const x = GqlExecutionContext.create(ctx);
    const context = x.getContext();
    return context.session;
  },
);

with no success and couldn't find any code example that combines graphql + nest

Hi! Question about redirecting after sign in...

Hello, I have a specific question about UserIdMapping. I use ThirdPartyPasswordless recipe, which means that users can logIn from both of these with the same email. The issue I am facing is that my externalUserId is the same for both of these and my setUserIdMapping is violating the unique constraint "userid_mapping_external_user_id_key. Is there a way to remove this constraint, and is it safe ?