@rp_st i sign in email or password using emailpassword recipe.if password wrong how to block login some time attempts in supertoken?

good morning. i am using email/password login and i want to add the email to the token. i believe i am supposed to use this, but my python skills are not as great as they should be, so i'm unsure how to access the email field. would it be in the user_context: https://supertokens.com/docs/emailpassword/common-customizations/sessions/claims/access-token-payload#during-session-creation

Hi! Can we create users without setting a password for them with the emailpassword recipe? And expect them to create their password after email verification?

Hello folks, We are building an open-source platform (http://github.com/agenta-ai/agenta) where we want to include features for authentication. Each of our users hosts our platform in their own instances. We were thinking of using supertokens for authentication. One idea we had is to have one central supertokens core instance hosted by us that is shared by all users of our platform (meaning each user hosts their own instance of agenta, and their agenta backend calls supertokens core hosted by us). This would allow us to measure the real number of our users. Now, the challenge is that means that the supertokens core that we host will be openly available to all the internet without API keys. The question is: what security risks does this present? I understood that the supertokens core provides an endpoint for session creation. However, the backend itself is the one that verifies this session internally. So, if my understanding is correct, even if some attacker used supertokens core to create a session, they won't be able to user this session token in a users backend. Is this correct?

Hello, I cannot access the ST dashboard on my backend anymore (core):

Hello, I am trying to implement social login (google).... async function googleSignInClicked() { try { const authUrl = await getAuthorisationURLWithQueryParamsAndSetState({ thirdPartyId: "google", // This is where Google should redirect the user back after login or error. // This URL goes on the Google's dashboard as well. frontendRedirectURI: "http://localhost:8100/auth/callback/google", }); /* Example value of authUrl: https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&access_type=offline&include_granted_scopes=true&response_type=code&client_id=1060725074195-kmeum4crr01uirfl2op9kd5acmi9jutn.apps.googleusercontent.com&state=5a489996a28cafc83ddff&redirect_uri=https%3A%2F%2Fsupertokens.io%2Fdev%2Foauth%2Fredirect-to-app&flowName=GeneralOAuthFlow */ // we redirect the user to google for auth. window.location.assign(authUrl); } catch (err: any) { if (err.isSuperTokensGeneralError === true) { // this may be a custom error message sent from the API by you. window.alert(err.message); } else { window.alert("Oops! Something went wrong."); } } } return { state, signUpClicked, signInClicked, googleSignInClicked }; }, }); and I get this error TS2345: Argument of type '{ thirdPartyId: string; frontendRedirectURI: string; }' is not assignable to parameter of type '{ providerId: string; authorisationURL: string; userContext?: any; providerClientId?: string | undefined; options?: RecipeFunctionOptions | undefined; }'.Object literal may only specify known properties, and 'thirdPartyId' does not exist in type '{ providerId: string; authorisationURL: string; userContext?: any; providerClientId?: string | undefined; options?: RecipeFunctionOptions | undefined; }'. What I am doing wrong ?

/email/exists endpoint fails for social media accounts. it seems that it only works for email account. any ideas how to impprove (override) it to support social accounts as well?

I am getting this 500 internal server error - custom ui, nestjs backend

Hey, does Supertokens work with Capacitor ( https://capacitorjs.com/ ) ?

I am getting a weird issue on refresh. The auto refresh works on get requests but not put/post requests.