Hi

I'm working on jwt authentication for my application using super tokens.. I'm getting some middleware errors:

Middleware error

Hi SuperTokens team, I am using Supertokens with NestJs. All my APIs are rate limited via https://docs.nestjs.com/security/rate-limiting. Do you have any clue to let the SuperTokens middleware (for calls like e.g. /auth/signin) be aware of these rate-limiting settings?

rate limiting

how to array used, It will be great to write as both ip and localhost when testing local.

iam update user profile but session dont update how to client update session ? iam search docs but dont find :/

Hi supertokens teams I'd like to know if it is possible to verify the signature of an access token on client side (it's a main app server) ? I've retrieved the jwks, the access token but I cannot match both.

Route POST:/auth/session/refresh not found

Why do I need to add a userId when creating a session. Is it used as a primary key in the database or can there be multiple sessions with the same userId?

Does updateUserMetadata replace the metadata or does it patch it? nvm, it patches it

Is it possible to add multiple supertoken instances in a single express application? The documentation only mentions a single instance using supertokens.init(). I'm wanting to set up a multi-tenant type of architecture with a single webserver and multiple cores.

Hey i wanted to use supertokens in a very headless way, is there any example project that has a fully customized UI?

I'm using the session reciep with an express backend. Should I set location.origin as the apiDomain, when initializing the frontend, or the apiDomain of the hosted supertokens service? When putting in the apiDomain of the hosted supertokens service, I get CORS errors. When putting in location.origin, the backend logic works fine, but doesSessionExist() always resolves to false and refreshing the accessToken also doesn't work.

Hello team, Does supertokens support google's prompt login. Like login via google without redirection. Where google shows you the login accounts directly on the site.

Hey everyone! I am using AWS Api Gateway and I would like to use the authorizer function described here: https://supertokens.com/docs/thirdpartyemailpassword/serverless/with-aws-lambda/authorizer I do not want to hit my Supertokens server with every request though. Therefore I was wondering what endpoint does

await Session.getSession()

hit and is it possible to cache that response with AWS Cloudfront that sits in front of my Supertokens server?

Can I use verifySession in a way that the route is also accessible by users without a session? I thought

verifySession({ sessionRequired: false })

would do the trick, but requests without a session get a 401. This is a problem for me, because I'm using https://telefunc.com for client <> server communication. The tool uses one route, whereas some requests need data from a possible existing session and some don't. Is there maybe another way without using verifySession?

How with nodejs would I add my own custom validation to an email when user signs up

Hey everyone! How do I access

/jwt/jwks

. I deployed Supertokens as AWS Lambda. This url for signing up works great: https://xx1g573a5h.execute-api.us-east-1.amazonaws.com/prod/auth/signup But how can I reach the

/jwks

endpoint? Calling this https://xx1g573a5h.execute-api.us-east-1.amazonaws.com/prod/auth/jwt/jwks returns:

{
  "error": "The middleware couldn't serve the API path /auth/jwt/jwks, method: get. If this is an unexpected behaviour, please create an issue here: https://github.com/supertokens/supertokens-node/issues"
}

Hey everyone, I am using passwordless flow to send password/email OTP's. Now I want to do some checks in my backend in

consumeCode

section but I am unable to get the login type(phone/email). The reason I need login type is to determine what is the input I am getting and accordingly check for the relevant user in the backend. Can anyone please enlighten me here?

Hi there. Is it possible to have multiple supertokens cores for one application? I'm trying to create one core for standard authorization with a small token validity period and one core for a mobile app, where the token will be valid for a long time. At a time I'm calling init ( from supertokens_python) when initialising my Django project . if I call init a second time with configs related to another supertokens core , will it work? I'm using Django btw

ts
    EmailVerification.init({
        mode: env.auth.requireEmailVerification ? 'REQUIRED' : 'OPTIONAL',
        emailDelivery: {
          override: originalImplementation => ({
            ...originalImplementation,
            sendEmail: async (input) => {
              console.log('Sending email', input)
              console.log('Sending email', input)
              if (input.type === 'EMAIL_VERIFICATION') {
                await emailsService.sendEmailVerificationEmail.mutate({
                  user: {
                    id: input.user.id,
                    email: input.user.email,
                  },
                  emailVerifyLink: input.emailVerifyLink,
                })

                return Promise.resolve()
              }
            },
          }),
        },
      }),

thats true ?

What’s the question @productdevbook ?

ts
console.log('Sending email', input)

console.log nothing comes up after registration

Hi Guys,

Using prebuilt ui

Cookie issue for me

Trying to use SuperTokens in an Electron app. Have taken a look at the example on Github and have implemented them into my own project. Trying to log in using Google and it is not directing my as it normally would on the browser.

Upon clicking the button the request in the video is sent

I have issue with set-token in mobile browser. Using mobile version of Safari 16.1 (but can be reproduced in chrome mobile version also) Desktop version of set-cookie: Mobile version of set-cookie: as you can see, set-cookie is not full in mobile version. is it a bug?