hello guys! question: is there any way to include supertokens API into general swagger-based API docs of the project? i use nest.js and connected via middleware, so maybe it's not possible or maybe you know how to do it?

hey, I am using a NestJS backend (with Fastify adapter). I've followed the full guide here - https://supertokens.com/docs/session/nestjs/guide (with a self hosted supertokens core). I have the setup mostly working but running into CORS issues. (api listening on

http://localhost:3001

and ui running on

http://localhost:3002

)

app.enableCors({
    origin: ['http://localhost:3002'],
    allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
    credentials: true,
  });

It looks like the CORS policies are not being applied correctly to the endpoints that supertokens middleware adds, ex. /auth/session/refresh CORS is applied correctly to the rest of my NestJs endpoints and my react UI at localhost:3002 can query all my regular endpoints but any requests to supertoken middleware endpoints fail with the error below (even though the preflight to /auth/session/refresh seems to be successful 204

Access to fetch at 'http://localhost:3001/auth/session/refresh' from origin 'http://localhost:3002' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Heyy, We have a nest.js application deployed on Railway. In the frontend we have next.js deployed on Vercel. In the backend CORS is set like this

app.enableCors({
    origin: [
      '*',
      'http://localhost:3001',
      'http://localhost:3000',
      'https://*.vercel.app',
      'https://*.vercel.app/*',
    ],
    allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
    credentials: true,
  });

But for all the vercel preview builds, we can't test the app because of CORS issues. Any Idea how to fix it.??

I have an issue with refreshing tokens with Next'js & Nest.js. I have followed guide for Sessions with Server Components: https://supertokens.com/docs/thirdparty/nextjs/app-directory/protecting-route#sessions-with-server-components--pre Everything works fine until the access token expires and new one has to be issued. Then at this moment I receive an error that prevents anything from rendering.

Warning: Functions are not valid as a React child

Refreshing the page afterwards with a valid access token doesn't cause issue. This stacktrace also mentions

SessionAuth

component, which makes me suspect that it's problem with the SuperTokens itself. Let me write this step by step what happens: 1. Refresh token epxires. 2. Browser sends two requests to:

/auth/session/refresh

and then

/auth/session/verify

(but not always). Response status codes are

200

3. While these requests happen, nothing is being rendered. These requests set the cookies accordingly. Error pasted below. 4. Refreshing site once again makes everyghing "just appear" and application behaves as desired. I have tried lowering the time

ACCESS_TOKEN_VALIDITY

environment variable to a few seconds to make sure that it's the invalid access token that causes trouble.

Hello, we are pretty new to SuperTokens and I am exploring its capabilities. We are trying to implement 2 ways of communication with SuperTokens. 1. Our frontend to our backend. (Should be fine) 2. Third party to our backend. Right now, I am trying to implement the 2nd one, I tried to use the emailpassword way to do it to test. Basically I created a signin function to send post request with the email and password to the Middleware, get the response and set up the cookies (access, front and refresh token), same for signout and signup. The problem I am having is that whenever the access token expired (refresh token is still alive), it won't generate new access token (even though I sent a request to the /auth/session/refresh). Another question is there a suggested way to implement third party to our backend communication authentication with SuperTokens?

I am having a new error now at iOS only, Supertokens throws this "Please provide a valid domain name":

(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/.test(r))?"http://"+i.host:"https://"+i.host:i.protocol+"//"+i.host}catch(e){}if(t.startsWith("/"))throw Error("Please provide a valid domain name");if(0===t.indexOf(".")&&(t=t.substr(1)),(-1!==t.indexOf(".")||t.startsWith("localhost"))&&!t.startsWith("http://")&&!t.startsWith("https://")){t="https://"+t;try{return new URL(t),e(t,!0)}catch(e){}}throw Error("Please provide a valid domain name")}(e)}},29996:function(e,t){"use strict";Object.defineProperty(t,"__esModule",{value:!0

My app info:

const appInfo = {
  appName: 'Lokalist Business',
  apiDomain: GET_FRONTEND_URL(),
  websiteDomain: 'dashboard.lokalist.mobile.app',
  apiBasePath: '/api/auth',
  websiteBasePath: '/auth',
}

export const GET_FRONTEND_URL = () => {
  if (process.env.NEXT_PUBLIC_APP_STAGE === 'production' && process.env.NODE_ENV === 'production') {
    return 'https://dashboard.lokalist.nl'
  }
  if (process.env.NEXT_PUBLIC_APP_STAGE === 'development' && process.env.NODE_ENV === 'production') {
    return 'https://staging-dashboard.lokalist.nl'
  }

  return 'http://localhost:2001'
}

What could it be? The origin is

capacitor://localhost

Hello, I have a doubt regarding multiple instances on the supertokens core running at the same time? I'm looking at the self-hosted version, and was wondering if I have 3 docker containers running the supertokens core and pointing to the same DB does this create an issue or can I have as many containers running as I need. This is for a High Availability simulations on my side. The full use case is for example putting all my core instances behind a load balancer so I don't have a single point of failure.

Hello, I just integrate supertokens in my django app (backend). I well received tokens on my frontend (simulated with Insomnia). Next step is to integrate supertokens authentication on django authentication backend. Do you have some documentation about that?

my frontend keeps attempting to refresh even though i just logged in

Hi, when clicking on signout, or hitting any endpoint where we validate the session i get a inifinite loop of requests "try refresh token" cant figure out what's wrong