Good morning from Sweden! I am using a setup of supertokens consisting of passwordless (phone verified login) and sessions. My stack also consists of Nest.js and Hasura. I've implemented JWTs according to your documentation, and it has mostly worked really well. However, there's one issue. Every now and then, all the JWTs generated and sent for verification to Hasura are treated as invalid. When this happens, the only solution I've found is to restart the Hasura instance so that it refetches the JWK via the jwk_url. Once this is done, it starts working again. It seems that this issue coincides with either an update of the JWK in our backend or a change in our backend deployment to use a newer version. I am assuming that Hasura remains unaware and doesn't attempt to refetch a new valid JWK. I'm unsure if there's an error in my implementation or if this is a bug. Any help would be appreciated.

@bradvrm Moving this to a separate thread

Think I might have a bug report regarding user meta/the dashboard. I'm using ThirdPartyEmailPassword receipie in my FE and BE configs. And UserMeta/Dashboard in my BE config When I go to the dashboard to edit a users name and click save I get these logs:

Error: Initialisation not done. Did you forget to call the SuperTokens.init function?
at Function.getInstanceOrThrowError (/app/node_modules/supertokens-node/lib/build/recipe/emailpassword/recipe.js:199:15)
at /app/node_modules/supertokens-node/lib/build/recipe/dashboard/api/userdetails/userPut.js:76:18
at Generator.next (<anonymous>)
at /app/node_modules/supertokens-node/lib/build/recipe/dashboard/api/userdetails/userPut.js:30:75
at new Promise (<anonymous>)

But when I refresh the dashboard, the meta has actually saved

Hello, is there some sort of hook I can use within react comps to get access to the sessions or rather to validate the AUTH status: const root = ReactDOM.createRoot( document.getElementById('root') as HTMLElement ); root.render( ); maybe like a useAuth() similar to Auth0.

Hello, we are pretty new to SuperTokens and I am exploring its capabilities. We are trying to implement 2 ways of communication with SuperTokens. 1. Our frontend to our backend. (Should be fine) 2. Third party to our backend. Right now, I am trying to implement the 2nd one, I tried to use the emailpassword way to do it to test. Basically I created a signin function to send post request with the email and password to the Middleware, get the response and set up the cookies (access, front and refresh token), same for signout and signup. The problem I am having is that whenever the access token expired (refresh token is still alive), it won't generate new access token (even though I sent a request to the /auth/session/refresh). Another question is there a suggested way to implement third party to our backend communication authentication with SuperTokens?

Hello, I'm using supertokens within my flask application using https://github.com/supertokens/supertokens-python This is a short example of my code: from supertokens_python.framework.flask import Middleware app = Flask(__name__) init_supertokens(app) Middleware(app) CORS(app=app, origins=[app.config.get('WEBSITE_DOMAIN', '')], supports_credentials=True, allow_headers=["Content-Type"] + get_all_cors_headers()) I was trying to add flask_socketio using the following code:

from flask_socketio import SocketIO

SocketIO(app)

But than I came across asyncio issues(Added image of the error) It seems that there is a clash between the socket io event loop and the supertokens asyncio, can you please recommend the best practice of how to integrate flask_socketio while I already have supertokens installed on my flask? Thanks!

I'm getting this error: SuperTokens core threw an error for a POST request to path: '/recipe/session/regenerate' with status code: 400 and message: The user payload contains protected field My code looks like this:

await session.mergeIntoAccessTokenPayload({ sessionHandle: session.getHandle() });

How can I go about debugging this?

Hi, Can I use SuperTokens with Traefik ForwardAuth?

Hello, I've been struggling to make the setup for Next.js with Edge Functions work. When following the new Next.js setup instructions, using a session guard for an API route works until that route is an edge funtion. To reproduce I updated the example you have linked and added

export const runtime = 'edge';

to the user route https://github.com/supertokens/next.js/blob/canary/examples/with-supertokens/app/api/user/route.ts This now causes the error

Module not found: Can't resolve 'zlib'

(same for

querystring

and

crypto

). e.g. when running in dev or even during build. Which i think is strange since the middleware uses withSession without issues an is supposed to be the same edge runtime. The only "workaround" I found was to tell webpack to stop polyfilling (with config below). But that breaks things elsewhere. Have you (or someone else in here) had similar experiences or a better solution? Any recommendations going forward for Next.js Edge Functions?

const nextConfig = {
  webpack(config) {
    config.resolve.fallback = {
      ...config.resolve.fallback,
      crypto: false,
      querystring: false,
      zlib: false,
    };

    return config;
  },
}

Hi guys, are there any endpoint that only verifies the email&password, returns user information but doesn't create a new session token? I'm working on backend and want to write a function which needs to verify the user with email and password (accepted as query parameters) but not the Bearer header. Currently I'm doing it with

/auth/signin

, but it creates session tokens every time I run it. Is there a better solution?