https://supertokens.com/ logo
Docs
Join the conversationJoin Discord
Channels
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
welcome-yann
Powered by Linen
support-questions
  • a

    AntonyBush

    10/14/2022, 4:06 PM
    Hey, I'm trying to get the provider's access token (Django). I have referred the following. https://supertokens.com/docs/thirdparty/post-login/getting-provider-access-token But I don't know how to import/get the token in my views.py
    j
    • 2
    • 1
  • r

    Ressiject

    10/14/2022, 4:41 PM
    Unauthorized fetch with server side rendering, (implement front end server side rendering), Next.js and Axios
    r
    • 2
    • 50
  • j

    jin49

    10/14/2022, 9:11 PM
    SuperTokens, Open Source Authentication
  • r

    rp

    10/15/2022, 4:08 AM
    Unauthorised error
  • g

    ggishant

    10/16/2022, 11:18 AM
    Hi guys, so I'm implementing authentication for React-Native (ios and android) for apple and google using Thirdpartypasswordless recipe. Apple works fine! but with google, it's returning me a serverAuthCode, which I'm sending as
    code
    in the /signinup endpoint, and I'm getting this error
    r
    s
    +2
    • 5
    • 46
  • s

    shorthair_[]

    10/16/2022, 11:19 AM
    hey guys
    g
    • 2
    • 1
  • s

    shorthair_[]

    10/16/2022, 11:20 AM
    is this the proper way to call users with django
  • s

    shorthair_[]

    10/16/2022, 11:20 AM
    cuz this isnt working
  • s

    shorthair_[]

    10/16/2022, 11:21 AM
    view.py file in django project
    
    
    from rest_framework.response import Response
    from rest_framework.decorators import api_view
    from supertokens_python.syncio import get_users_newest_first
    from .serializers import GetUserSerializer
    
    
    @api_view(['GET'])
    def get_users(request):
        firstguys = get_users_newest_first()
        serializer = GetUserSerializer(firstguys)
        return Response(serializer.data)
    r
    • 2
    • 5
  • b

    bert2002

    10/16/2022, 2:46 PM
    Does protected endpoints need some extra configuratoin for JWT? Because I have JWT enabled (https://supertokens.com/docs/microservice_auth/jwt-creation), but a curl test on the endpoint does not work, e.g.:
    @app.get("/bla")
    async def get_session_info(session: SessionContainer = Depends(verify_session())):
      return true
    r
    • 2
    • 7
  • c

    Chunkygoo

    10/16/2022, 10:55 PM
    Is there a way to call a function on the frontend when the user is logged out due to the refresh (not access) token expiring?
    r
    • 2
    • 7
  • c

    Chunkygoo

    10/16/2022, 11:25 PM
    Does Supertoken protect against https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md#login-csrf
    r
    • 2
    • 7
  • c

    Chunkygoo

    10/17/2022, 2:01 AM
    The access token Supertoken generates, is it a JWT? Or is it just a plain token that represents the user info? If the latter, does the token contain any sensitive info?
  • h

    heatbr

    10/17/2022, 3:08 AM
    https://supertokens.com/docs/emailpassword/common-customizations/sessions/with-jwt/about#access-token-vs-jwts they aren't jwt but have encryption
  • r

    rp

    10/17/2022, 4:05 AM
    Refresh token expiring
  • r

    rp

    10/17/2022, 4:06 AM
    Login CSRF
  • a

    abhisheksinghkapoor

    10/17/2022, 6:40 AM
    The cookies in my api are getting deleted, any specific reason?
    r
    • 2
    • 3
  • c

    Chunkygoo

    10/17/2022, 7:17 AM
    How do I hide everything else when I'm on the /auth/callback/google page?
    r
    • 2
    • 21
  • r

    RxThorn

    10/17/2022, 1:44 PM
    Hello, I receive the following error in the browser (MS Edge on Windows 11):
    Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.
    The above error occurred in the <SessionAuth> component
    . Has this happened to anyone before? I just created two projects with
    npx create-supertokens-app@latest
    , the first one React+NestJS and the other Vue+NestJS, always the same error
    r
    • 2
    • 13
  • p

    phacies

    10/17/2022, 8:09 PM
    Hello, I am trying to add extra fields to my email password recipe, I have extended the field form to accommodate the extras just like the documentation ,but I still get an error " message: Are you sending too many/too few formfields?"
    r
    • 2
    • 36
  • c

    csjaction

    10/17/2022, 9:12 PM
    Is there any solution for e2e testing with Google login? Google blocks all UI attempts at logging in. I tried looking into their apis, but Supertokens is operating as the middle person, so I can't log in via Google's APIs. Has anyone found a non-mocked way of doing e2e testing with Google logins? I'm using Nightwatch (a node selenium based framework).
    r
    • 2
    • 2
  • r

    rp

    10/18/2022, 5:21 AM
    custom form fields
  • r

    rp

    10/18/2022, 5:22 AM
    google sign in e2e
  • c

    Chunkygoo

    10/18/2022, 5:46 AM
    I am getting an error when I do not explicitly set cookie_domain="localhost"
    r
    • 2
    • 20
  • k

    kabin

    10/18/2022, 6:28 AM
    i want to send email after user password resetted to inform user his password is resetted
    r
    • 2
    • 11
  • c

    Chunkygoo

    10/18/2022, 7:02 AM
    Lag for SessionAuth
    r
    • 2
    • 12
  • c

    Chunkygoo

    10/18/2022, 7:24 AM
    preceding "."
    r
    • 2
    • 43
  • s

    segidev

    10/18/2022, 11:44 AM
    Did anyone experience the issue that randomly people that login suddenly end up as another user? We had this case now multiple times very randomly. Of course the users can't really tell what they did but one simply logged in yesterday and ended up being someone else. We use the method
    EmailPassword.signIn
    with no logic in between or anything hooking in.
    n
    r
    k
    • 4
    • 58
  • n

    nkshah2

    10/18/2022, 12:01 PM
    Users issue
  • j

    Jixxus

    10/18/2022, 12:43 PM
    Hey guys, is it possible to get the email address from the reset password token in "supertokens-web-js"? I'm making a custom UI using emailpassword recipe and I would like to show this information to the user. Only way I can think of is changing the reset password URL and adding another query parameter to it, but I don't like it this way. Thank you very much.
    r
    • 2
    • 3
Powered by Linen
Title
j

Jixxus

10/18/2022, 12:43 PM
Hey guys, is it possible to get the email address from the reset password token in "supertokens-web-js"? I'm making a custom UI using emailpassword recipe and I would like to show this information to the user. Only way I can think of is changing the reset password URL and adding another query parameter to it, but I don't like it this way. Thank you very much.
r

rp

10/18/2022, 12:44 PM
hey @Jixxus
there is no other better way of doing it compared to what you suggested with the URL change
j

Jixxus

10/18/2022, 12:45 PM
okay, thank you 🙂
View count: 4