Hi, is there any way to add own logger to supertokens to log requests (I am using middlleware)?

Hey, I'm looking at doing email verification but I store a username instead of an email. I bit of a complicated flow. We are wanting to be anonymous - hence the interesting use-case. But I want the flow to be: - Send verification to a specific email - User verifies the code within our app - User has a username automatically generated for them that we have stored in supertokens - User is able to then update their username / set a password if they chose (but we don't require them to)

Just set up the SuperTokens auth for NextJS and have to say, by far the smoothest and best experience I've had implementing auth so far (Supabase, NextAuth, etc.). Documentation is fantastic and the api is intuitive. Fantastic job, excited to become a SuperTokens user!

Thanks @dreamer !

Did you use the create-supertokens-app CLI? Or followed the docs step by step?

Hey guys, Do I get it right regarding user IDs in supertokens recipes -- each recipe maintains it's own set of users when using MFA?

Hey there, back with another few questions. 😇 I am planning the upgrade from

supertokens-core

v3.16.2

to

v4.0.0

and I have a few questions around the database changes for the

emailpassword_users

and

thirdparty_users

table: Why did you choose

VARCHAR(256)

and

VARCHAR(128)

over just

TEXT

? The latter would have required no database migration and would not require a database migration in the future if the value changes again. Is it safe for me to use

TEXT

instead of

VARCHAR(256)

- or does

supertokens-core

do some kind of database schema validation? How did you manage to roll this out in production? In my current understanding it is not possible to apply this migration without locking the full database table and rewriting every single row. Wouldn't it been smarter (and also less "breaking") to follow this strategy: 1. Add a new columns "thirdparty_users"."third_party_user_id_new" and "emailpassword_users"."password_hash_new" 2. Run a script during outside of a migration/lock that copies the values from the old column to the new column 3. Write the super tokens code in a way that it can deal with both the old and new columns for the duration of the copy from old to new column period Right now, for us running the migration will probably not take longer than a few seconds - however, I am concerned that in the future additional breaking database changes will make it harder for us to migrate to the latest versions. Since you probably have much more users running on your hosted solution, I am especially curious on any insights on how you manged this (of course only if it is possible to share that information)!

I followed the docs step-by-step. Haven't checked out the CLI as I generally prefer setting up things myself to see how it works at each step but good to know that it exists for the future 👍

I'm working on overriding the password function so that I can reject calls with a "fake password" (see prior implementation conversation). I have some questions. For reference:

emailpassword.init(
                override=emailpassword.InputOverrideConfig(
                    apis=apis_override_email_password,
                    functions=functions_override_email_password,
)

What is the difference between apis and functions? Within my override, how do I return a 400 response? For reference, this throws a 500 as expected:

def apis_override_email_password(param):
    og_sign_in_post = param.sign_in_post

    async def sign_in_post(
        form_fields,
        api_options,
        user_context,
    ):
        req = user_context.get("_default", {}).get("request")
        if req:
            raise Exception('Invalid password')

        return await og_sign_in_post(form_fields, api_options, user_context)

    param.sign_in_post = sign_in_post
    return param

The difference between APIs and functions is that APIs can call multiple recipe functions. APIs encapsulate all the logic of an api call.

Checkout the override section -> APIs override -> sending custom response page to see how to send 400 response.

This worked - thanks!

I am trying to implement google login

Are there any limits for Google login?

Google login brings me to a loading page with a spinner upon successful sign in

Google login client id and secret

Hi ! May I know how to check the user’s email is verified on frontend( Next.js) ?

Hi, I'm new to SuperTokens and try to implement SuperTokens in NestJS. But NestJS showed error like below

ERROR [ExceptionHandler] Nest can't resolve dependencies of the AuthGuard (?). Please make sure that the argument Object at index [0] is available in the AppModule context.

Below is my auth.guard.ts codes

import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
import { Error as STError } from 'supertokens-node';

import { verifySession } from 'supertokens-node/recipe/session/framework/express';
import { VerifySessionOptions } from 'supertokens-node/recipe/session';

@Injectable()
export class AuthGuard implements CanActivate {
  constructor(private readonly verifyOptions?: VerifySessionOptions) {}

  async canActivate(context: ExecutionContext): Promise<boolean> {
    const ctx = context.switchToHttp();

    let err = undefined;
    const resp = ctx.getResponse();
    // You can create an optional version of this by passing {sessionRequired: false} to verifySession
    await verifySession(this.verifyOptions)(ctx.getRequest(), resp, (res) => {
      err = res;
    });

    if (resp.headersSent) {
      throw new STError({
        message: 'RESPONSE_SENT',
        type: 'RESPONSE_SENT'
      });
    }

    if (err) {
      throw err;
    }

    return true;
  }
}

Did I missed something? Thanks

Nestjs error

Is there a way to remove the "Powered by supertokens" text from the bottom of the sign up / sign in forms?

Remove powered by supertokens in ui

Is there a way to route directly to the sign up or sign in form? Right now, i have a "Sign Up" and "Sign in" button and they both load the "Sign Up" form

Any way to use a "popup" instead of redirecting to another page when using Google Login?

Sign up in redirection

Google via popup

Any updates on python lambda?

Do I need to "publish" or do something similar before I can use Google login in production?

Using supertokens-python + flask. I'm using @verify_session(session_required=False). When the token expires I get a 401. Is this desired behavoir?

Token expiry with session required false

Google login for prod