603466164219281420 #support-questions

Hi There! I am interested in magic links. I am wondering if what I am trying to do is possible. 1. I invite a User to visit a page in my app by sending them a magic link (Note, docs for this are missing: https://supertokens.com/docs/passwordless/common-customizations/generating-magic-link-manually) 2. The URL will be of the form https://myapp.com/[magic] 3. The page is available to anybody with the magic link (in theory only the person who receives my invitation) 4. The link needs to expire after 24 hours or maybe 48 hours 5. The page/route with the magic link is visible, but NO OTHER page/route should be visible (i.e. it is not the same as authenticating to the app) 6. The regular passwordless (using email) should continue to grant general access to the app, so only the magic link is a bit different What do you think about this approach? Does my explanation make sense? Can I do this with SuperTokens, or do I need to roll my own guard for this special route? Or, is there a better way to show only one page / route in my app using a magic link only with SuperTokens? Thanks! =David

12/06/2022, 8:31 AM

custom magic link flow

Iruizmar

12/06/2022, 9:29 AM

Hey! 👋 I'm using the FDI because none of the client SDKs applies to my tech stack and I'm getting a 500 error when trying to refresh the session when the access token is expired. I know I'm sending the correct parameters because it works if I send the refresh session request before the access token is expired. Any direction on how to investigate the issue? The backend is written in NestJs.

vishalc

12/06/2022, 1:17 PM

@rp I am facing an issue for ios after login call auto call api as a loop (auth/session/refresh), I am using Ionic 6. Log in successfully, get a token, and store local storage with Axios.

Recreating SuperTokens Middleware by Hand

ITEnthusiasm

12/06/2022, 6:06 PM

Mkay. This kinda relates to the

Issue

I threw up on GitHub in

supertokens-node

. But this question is more specific. Is there an existing way to replicate the

/signin

/signup

/session/refresh

route middleware by hand? (And are those the only middlewares created from

app.use(middlewares())

(Background in Thread)

Jono

12/06/2022, 7:58 PM

Hello. We have been using super tokens for the last few months with no issues. Today we are seeing a lot of session refresh errors frequently. "Error: SuperTokens core threw an error for a POST request to path: '/recipe/session/refresh' with status code: 500 and message: Internal Error\" I've been checking refresh requests in postman and every 3rd odd request fails, then the next succeeds. We are using the latest versions of the node-sdk. Using passwordless with roles on managed ST. Anyone else seeing this or any idea of how to solve this error?

Jono

12/06/2022, 8:43 PM

Hello

legolas8911

12/06/2022, 11:19 PM

hey, question. Right now I have an instance of

supertokens-node

that's under auth.domain.com. That's it's sole purpose. Now, I have another service, let's call it API, that I need to init supertokens-node into for API route session verification and such. While looking into the sourcecode of

st-node

I saw that the init config the

recipeList

is not optional. I don't want any ST apis on this service, all I want is to .init() it, point it to core and be able to validate requests. Should I just add the Session recipe and nothing else? Will that work? Thanks

Aithusa

12/06/2022, 11:58 PM

Copy code

java
Error: Initialisation not done. Did you forget to call the SuperTokens.init function?

I keep getting this error when going to my /testauth path but I did call the function before the route

Copy code

import { verifySession } from "supertokens-node/recipe/session/framework/express/index.js";

router.get("/testauth", verifySession(), (req, res) => {
  if (req.session == null) {
    res.send({ error: "Must be signed in", code: "401" })
    return
  }
  let userId = req.session.getUserId();
});

Chunkygoo

12/07/2022, 12:02 AM

Copy code

# npm audit report

qs  6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix --force`
Will install supertokens-node@2.5.0, which is a breaking change
node_modules/qs
  body-parser  1.19.0
  Depends on vulnerable versions of qs
  node_modules/body-parser
    supertokens-node  >=3.0.0
    Depends on vulnerable versions of body-parser
    node_modules/supertokens-node

3 high severity vulnerabilities

12/07/2022, 4:00 AM

Using backend SDK in multiple APIs

12/07/2022, 4:01 AM

Not initialised error

YaBoiStarLord

12/07/2022, 7:15 AM

Hi Folks I'm referring to the ThirdPartyEmailPassword Guide - specifically the invite link flow: https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/disable-sign-up/emailpassword-changes I see the Python Documentation say:

Copy code

invite_link = "http://localhost:3000/auth/reset-password?token=" + \
        password_reset_token.token

What is this Base URL? Is it supposed to the URL for my API server or the Supertokens Core server?

YaBoiStarLord

12/07/2022, 7:16 AM

I replaced the port with the port my service is running on (8000) and the port the supertokens core service is running on (3567) and I am getting a 404 for bothe

NoirLime

12/07/2022, 8:51 AM

Hi there, I'm facing an issue with Supertokens-Node: It seems that the validation request that supertokens-dashboard sends doesn't contain a application/json body, thus causing the request to error out.

Ayush6543

12/07/2022, 8:55 AM

What is the logic for updating email?

Val

12/07/2022, 10:30 AM

Hi hope you guys are fine ! 🙂 First try with supertokens and seems very nice ! Facing an error with dashboard no SuperTokens core available to query

Val

12/07/2022, 10:31 AM

It's because I don't have user yet? Or just missing thing?

gc1980

12/07/2022, 11:16 AM

Existing database of users Is this possible to use with SuperTokens? If yes, is there a guide somewhere on what needs modifying and where?

Alen

12/08/2022, 5:51 AM

Hi, I just wanted to know about how we can integrate supertokens with SAML. For eg. We are providing Google provider for third party auth. So if we want to provide our app as a custom application in Google workspace SSO. How will I be able to configure it with supertokens third party auth. Even if I get a minimum information from your side , it would be really helpful.

Val

12/08/2022, 8:27 AM

Hi, weird ask but don't know how to figure out. I have two roles for my authentication. One can be handle 100% by supertokens but the other one is a little special. I'm making a MVP product based on Ghost CMS (it's a blogging CMS) and when user signup to my API, this one create an account author on Ghost CMS. My idea was to use Ghost has auth provider when user send credential to login I want to auth over ghost and if credential are good provide a JWT or something to the client. I saw we can create create JWT from backend SDK but how to use JWT on client side with the same way to the 100% supertokens like the other role? Some tips? My first idea is to create a fake session and return it to the client like a real one but the user doesn't exist one supertokens database Don't know if I was clear .. Sorry if not [[UPDATED]]