So I am using

FastAPI

and I would believe that the

Middleware

will add the

/auth

endpoints (set website_base_path) to the fastapi application, but it does not. I dont see any errors though. I tried the example from github, but no success ( https://github.com/supertokens/supertokens-python/blob/master/examples/with-fastapi/with-thirdpartyemailpassword/main.py )

Hello ! 👋 I am evaluating Ory Kratos and Supertokens. It looks like both can fit my needs, but my main concern in with the DB high availability part. I'm planning on deploying my app on a k8s cluster and using Yugabyte for the DB, and it seems Kratos does not support it according to some old github issue they had. I'm rather unimpressed with Ory's idea of high availability, which pretty much boils down to "we have infinite horizontal scaling capabilities as long as the DB follows, and that's not our problem", and then only allow pointing to a single hostname in the DB connection string. Even if I point to an haproxy or SQL proxy, I can't at least point to 2 and have a least one as a fallback. My questions would be : Can Supertokens be configured with multiple PGSQL targets in the connection string ? And before I go down that rabbit hole and test it myself, is anybody using Supertokens with Yugabyte as DB backend in production?

Hi @rp_st Somehow the frontend SDK doesn't set interceptors on fetch and doesn't pass the session data when making requests. Our core is set at

identity.<domain>.com

and our microservices at

<microservice_name>.<domain>.com

When calling

<microservice_name>.<domain>.com

it return a 401 because we can get the logged in user roles. Also when inspecting the request going out of the browser, no supertokens headers or cookies are being sent

We've noticed that some of our authentication-related emails are being flagged as spam by GMail (e.g. password reset). * We're using our own domain name * We're using Mailgun to send the messages * SPF and DKIM is set up correctly * The GMail message implies the risk factor is the content of the emails itself: "Similar messages were used to steal people's personal information. Avoid clicking links, downloading attachments or replying with personal information" Our next move, therefore, will be to change the content of the message so that it doesn't resemble the default ST template. Was wondering if other people had faced something similar and had success with a different approach?

I got 405 when signin/up. I am using NextJS and passwordless login. (Phone) I have

pages/api/auth/[[...path]].tsx

and it's content is same as doc. This is my appInfo

export const appInfo = {
  appName: NAME,
  apiDomain: DOMAIN,
  websiteDomain: DOMAIN,
  apiBasePath: "/api/auth",
  websiteBasePath: "/auth"
}

I can see UI in

<DOMAIN>/auth

, but when I provide phone number and click continue, I got this.

[Error] Failed to load resource: the server responded with a status of 405 (Method Not Allowed) (refresh, line 0) <DOMAIN>/api/auth/session/refresh

[Error] Failed to load resource: the server responded with a status of 405 (Method Not Allowed) (refresh, line 0)
<DOMAIN>/api/auth/session/refresh

[Error] Failed to load resource: the server responded with a status of 405 (Method Not Allowed) (refresh, line 0)
<DOMAIN>/api/auth/session/refresh

[Error] Failed to load resource: the server responded with a status of 405 (Method Not Allowed) (code, line 0)
<DOMAIN>/api/auth/signinup/code

I guessing that I can authenticate/authorise an API only application, with API authentication keys with SuperTokens but I'm not sure how. how can I create a API key to use for API requests to my app? I can create users using /recipe/signup but not sure how to create an access token that does not expire

When i shift my vue frontend to a public domain, I can not login anymore. I get an log error "WebSocket connection to ... failed". The logs from the backend are okay. In the dashboard a new token is shown, but the frontend did not recieve this. I use vue behinde Traefik with the cors middleware. Do I have to add more options to Traefik?

Hi Team, I am attempting to connect Supertokens to my PostgreSQL db running in a Heroku private space. In order to achieve this I need to pass through a client certificate, client key and CA certificate. I have all of these and have tried a multitude of ways to get the connection working through docker but was unable. I have successfully made a connection to a non-secure Postgres db in Heroku, but for production purposes, we are intending to utilise the Private Space. I initially tried to connect with 'Running SuperTokens and PostgreSQL with docker, with docker-compose' but realised that since the database is already running, it makes more sense to utilise 'Running SuperTokens with Docker and PostgreSQL without docker'. The issue I am facing now is I'm not able to pass through the certificates as an environment variable as seemingly only the following are available: POSTGRESQL_CONNECTION_URI POSTGRESQL_USER POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD_FILE POSTGRESQL_CONNECTION_POOL_SIZE POSTGRESQL_HOST POSTGRESQL_PORT POSTGRESQL_DATABASE_NAME POSTGRESQL_TABLE_NAMES_PREFIX POSTGRESQL_TABLE_SCHEMA

How can I make Postman send session tokens in requests if the sign-in request is not sending cookies in the response?

Hi! Question about redirecting after sign in...