Hi, I'm trying to implement supertokens into my nestjs + nextjs application with ThirdPartyEmailPassword. I encountered an error when trying to signin/signup with Google. The account is successfully signup/signin in the development environment but the /signinup api failed with status code 500 on frontend 400 on backend, then the error got displayed on the form. When reload the frontend application, it does recognize that I've logged in and redirect to the home page tho.

If the supetoken-core is running in docker, How to allow cors origin? I am getting this error - "from origin 'http://localhost:3001' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'."

Set up issue. With dashboard curling. Why do I either get this error. This is the curl - curl --location --request POST 'url' \--header 'rid: dashboard' \--header 'api-key: apikey' \--header 'Content-Type: application/json' \--data-raw '{"email": "example@gmail.com","password": "pass"}'

TOTP question - not enabled against Tenant but per individual user. User sets up TOTP Device and verifies. The following is added to metada:

"requiredSecondaryFactors": [
            "totp"
        ]

When user removed the device via device/remove and has no devices linked - should the metada automatically be updated to remove the required 2nd factor?

Hi, is there a way to mount the dashboard endpoint to a separate port with a seperate domain and gateway settings? except the obvious way of creating a separate deployment of our BE service for that purpose?

Implementing a refresh token flow as explained in https://supertokens.com/docs/session/common-customizations/sessions/ssr#3-implementing-the-refresh-session-flow-refresh-session-pagr causes the whole web app to 'flash' every time a token is refreshed, because we navigate to the /refresh-session page (using Remix in my example). Is there a way to refresh the token on the server during the request instead of redirecting to a front-end page that needs to do an API call and redirect back?

We've noticed that some of our authentication-related emails are being flagged as spam by GMail (e.g. password reset). * We're using our own domain name * We're using Mailgun to send the messages * SPF and DKIM is set up correctly * The GMail message implies the risk factor is the content of the emails itself: "Similar messages were used to steal people's personal information. Avoid clicking links, downloading attachments or replying with personal information" Our next move, therefore, will be to change the content of the message so that it doesn't resemble the default ST template. Was wondering if other people had faced something similar and had success with a different approach?

Helllo, I tested my app locally and it works fine, but when testing in staging trying to signup/login I'm getting an error in the console saying: "SyntaxError: Unexpected end of JSON input". I checked the request and I get a 200 and I also checked the dashboard and the user was created.

Hello, I want to know if supertokens support disabling private signup like https://docs.propelauth.com/overview/disable-public-signups

Hi All, I have an Issue with supertokens-react-native. When using the signOut function, calling doesSessionExist still return true. Does anybody have the same issue ?