Bom dia (Good Morning) I am implementing super tokens on django (backend), using thirdparty (only) recipe. I would like your opinions for best practices on how to initialize it. Currently I have a module and using the module config, I'm calling the start method where I have the init function. (I'll attach some screenshots) Still says that it is not initialized

Can I share tokens somehow between subdomains? So let's say I have app.todolists.io and admin.todolists.io so I can do some user management or whatever in the adminpanel. Can I share my login between those two apps so I don't have to reauthenticate? (and maybe I would have an account.todolists.io for language and theme preference for example, or to enable 2fa in the future ;-))

Hey all, I am setting up Supertokens with Next.Js project and Flask. So my backend APIs' are running on Python flask on Http://localhost:5000/ and Next.js App is running on http://localhost:3000/. Using Managed service as Core. Followed Next.Js steps and can see the login page but when trying to signup or login I am getting CORS errors. Questions: Do I need any changes to Flask to make backend work or not? How to fix CORS errors? Please advise. Thanks in Advance.

I discovered today that Playwright might give devs access to the browser's cookies. (Would have to confirm on my own.) If they do, it could be a great tool for testing example repositories since it also enables devs to disable JavaScript in the browser during end to end testing. If a set of standard test cases could be created, they could be run against any example repo to make sure everything still works as expected during repo NPM package upgrades, etc. Hoping to look into this sometime within the next 4 months. But sounds pretty exciting (since it would take away a lot of manual work).

Hi, I'm looking for some clarification on the pricing change that seemed to happen March 18th. Is multi-factor authentication support via SMS something that we will be charged for even if we aren't using SuperToken's sending services? We're using our own service to send the text message after overriding the

smsDelivery

function, under the

Passwordless

recipe, and we were not expecting the new $100/month price minimum.

hi, i faced an issue.

Error: SuperTokens core threw an error for a POST request to path: '/recipe/accountlinking/user/primary' with status code: 402 and message: Account linking feature is not enabled for this app. Please contact support to enable it.

SESSION STILL AVAILABLE AFTER REVOKING IT

I have a question about the Dashboard - is it safe and meant to be deployed in a production? I'm currently using a self-hosted instance, and what sparked this question for me is that self-hosted doesn't require sending the

api-key

header, thus allowing anyone who has access to the supertokens instance to create a new user/change password etc. My assumption is that supertokens instance should not be exposed to the world, and communicated only with via backend. Is that correct?

I'm trying to get user name and surname following this section of the guide https://supertokens.com/docs/thirdparty/common-customizations/get-user-info where I should be able to access data with

override: {
                functions: (originalImplementation) => {
                    return {
                        ...originalImplementation,
                        // override the thirdparty sign in / up API
                        signInUp: async function(input) {
                            // TODO: Some pre sign in / up logic

                            let response = await originalImplementation.signInUp(input);

                            if (response.status === "OK") {
                                // This is the response from the OAuth tokens provided by the third party provider
                                let accessToken = response.oAuthTokens["access_token"];
                                // other tokens like the refresh_token or id_token are also 
                                // available in the oAuthTokens object.

                                // This gives the user's info as returned by the provider's user profile endpoint.
                                let firstName = response.rawUserInfoFromProvider.fromUserInfoAPI!["first_name"];

                                // This gives the user's info from the returned ID token 
                                // if the provider gave us an ID token
                                let lastName = response.rawUserInfoFromProvider.fromUserInfoAPI!["last_name"];
                            }

                            return response;
                        }
                    }
                }
            }

in the ThirdPartyEmailPassword.init() function in config.ts provided by the pre build code. Once here, what am I supposed to do to get name and surname? store it in metadata and then retrieve them through an api call?

@rp_st There is a problem with the frontend. If I clear the st-last-access-token-update cookie and then try to login/signup, supertokens' backend will start giving error. Even after reloading the page, it won't work. It happened with me earlier also but that was because I was using * in cors , but now that is not the case. My backend supertokens-python version is 0.12.6, in the frontend the versions are: "supertokens-auth-react": "^0.31.1", "supertokens-node": "^13.0.2", "supertokens-web-js": "^0.5.0",