Hello ! 👋 I am evaluating Ory Kratos and Supertokens. It looks like both can fit my needs, but my main concern in with the DB high availability part. I'm planning on deploying my app on a k8s cluster and using Yugabyte for the DB, and it seems Kratos does not support it according to some old github issue they had. I'm rather unimpressed with Ory's idea of high availability, which pretty much boils down to "we have infinite horizontal scaling capabilities as long as the DB follows, and that's not our problem", and then only allow pointing to a single hostname in the DB connection string. Even if I point to an haproxy or SQL proxy, I can't at least point to 2 and have a least one as a fallback. My questions would be : Can Supertokens be configured with multiple PGSQL targets in the connection string ? And before I go down that rabbit hole and test it myself, is anybody using Supertokens with Yugabyte as DB backend in production?

Hi guys, are there any endpoint that only verifies the email&password, returns user information but doesn't create a new session token? I'm working on backend and want to write a function which needs to verify the user with email and password (accepted as query parameters) but not the Bearer header. Currently I'm doing it with

/auth/signin

, but it creates session tokens every time I run it. Is there a better solution?

In a multitenant environment, I'm trying to use "getAuthorisationURLWithQueryParamsAndSetState(thirdPartyId, frontendRedirectURI) method" to get thirdparty login url, I'm having multiple tenants including public tenant. Public tenant don't have active-directory provider. But the other tenants have it. When I use that method, it's checking the public tenant. I'm using for logging in. I can pass tenant id from the front-end, but that method is not having a parameter to accept the tenant id. I'm struck here. Please help me out with this.

Good morning from Sweden! I am using a setup of supertokens consisting of passwordless (phone verified login) and sessions. My stack also consists of Nest.js and Hasura. I've implemented JWTs according to your documentation, and it has mostly worked really well. However, there's one issue. Every now and then, all the JWTs generated and sent for verification to Hasura are treated as invalid. When this happens, the only solution I've found is to restart the Hasura instance so that it refetches the JWK via the jwk_url. Once this is done, it starts working again. It seems that this issue coincides with either an update of the JWK in our backend or a change in our backend deployment to use a newer version. I am assuming that Hasura remains unaware and doesn't attempt to refetch a new valid JWK. I'm unsure if there's an error in my implementation or if this is a bug. Any help would be appreciated.

I got 405 when signin/up. I am using NextJS and passwordless login. (Phone) I have

pages/api/auth/[[...path]].tsx

and it's content is same as doc. This is my appInfo

export const appInfo = {
  appName: NAME,
  apiDomain: DOMAIN,
  websiteDomain: DOMAIN,
  apiBasePath: "/api/auth",
  websiteBasePath: "/auth"
}

I can see UI in

<DOMAIN>/auth

, but when I provide phone number and click continue, I got this.

[Error] Failed to load resource: the server responded with a status of 405 (Method Not Allowed) (refresh, line 0) <DOMAIN>/api/auth/session/refresh

[Error] Failed to load resource: the server responded with a status of 405 (Method Not Allowed) (refresh, line 0)
<DOMAIN>/api/auth/session/refresh

[Error] Failed to load resource: the server responded with a status of 405 (Method Not Allowed) (refresh, line 0)
<DOMAIN>/api/auth/session/refresh

[Error] Failed to load resource: the server responded with a status of 405 (Method Not Allowed) (code, line 0)
<DOMAIN>/api/auth/signinup/code

When i shift my vue frontend to a public domain, I can not login anymore. I get an log error "WebSocket connection to ... failed". The logs from the backend are okay. In the dashboard a new token is shown, but the frontend did not recieve this. I use vue behinde Traefik with the cors middleware. Do I have to add more options to Traefik?

Hi, I'm looking for some clarification on the pricing change that seemed to happen March 18th. Is multi-factor authentication support via SMS something that we will be charged for even if we aren't using SuperToken's sending services? We're using our own service to send the text message after overriding the

smsDelivery

function, under the

Passwordless

recipe, and we were not expecting the new $100/month price minimum.

if I use the SignInAndUp component from 'supertokens-auth-react/recipe/thirdpartypasswordless/prebuiltui' and I would like to catch API error, is it possible?

Hey guys, which functions would i have to mock out (via jest) to write an integration test for a user signing in -> to unverified email. I use the SessionAuth component, so some pointers would be great. (This component seems to be the one handling the redirection, but unsure of which functions to mock out from super tokens to make the component believe i'm an unverified logged in user)

Hi, can I send SMS using API, to a phone number that is not saved in the SuperTokens user management database? Thanks