Hello folks, We are building an open-source platform (http://github.com/agenta-ai/agenta) where we want to include features for authentication. Each of our users hosts our platform in their own instances. We were thinking of using supertokens for authentication. One idea we had is to have one central supertokens core instance hosted by us that is shared by all users of our platform (meaning each user hosts their own instance of agenta, and their agenta backend calls supertokens core hosted by us). This would allow us to measure the real number of our users. Now, the challenge is that means that the supertokens core that we host will be openly available to all the internet without API keys. The question is: what security risks does this present? I understood that the supertokens core provides an endpoint for session creation. However, the backend itself is the one that verifies this session internally. So, if my understanding is correct, even if some attacker used supertokens core to create a session, they won't be able to user this session token in a users backend. Is this correct?

Hi, i'm having an issue in flutter while migrating sessions from firebase auth, the migration works fine, the new session cookie is set, but when navigating to the next page and making an API call,

SuperTokens.getAccessToken()

returns null. Any ideas on why the session would be lost ?

Hey everyone. I'm trying to connect a Unity (game engine) client app with SuperTokens. Is there any documentation, examples or quick start guides on how to use C# on the frontend to authenticate with SuperTokens ?

Getting invalid api when curling to create a dashboard user with supertokens server -> curl --location --request POST 'Server link' \ --header 'rid: dashboard' \ --header 'api-key: ' \ --header 'Content-Type: application/json' \ --data-raw '{"email": "","password": ""}'

hi, is it expected that using Supertokens with next.js disables static optimization entirely? Our entire app is protected, so we get this error in the Vercel logs:

Warning: You have opted-out of Automatic Static Optimization due to `getInitialProps` in `pages/_app`. This does not opt-out pages with `getStaticProps`

This causes some strange downstream issues for us, because now everything in our client needs to get rendered via serverless functions

Is there a way to manually generate a verification link for a user? Found https://supertokens.com/docs/emailpassword/common-customizations/email-verification/generate-link-manually but not yet documented. The use case for this being the username has been changed, which marks it as not verified anymore, I want to then generate a new verification link and send that through to the new username once it has changed. Is this possible currently? or would I only be able to fire the new verification email once the user has created a session with the new username? thanks in advance 🙂

Hello, I (akshat-g-07 on github) have been wanting to contribute to this community (supertokens-auth-react) and I was trying to setup the project in my local. I went through the steps mentioned in the Contributing.md. And I think something didn't go as expected that's why I am not able to setup. If someone can connect with me (so that I can share my screen) for few minutes to help me there, it would be really helpful. We can discuss it here as well if connecting is not convenient. Thanks in advance 🙂

I'm running a Supertokens managed instance in production (on my Flask Python backend, which is hosted on Google Cloudrun). Since it's inconvenient to access the dashboard URL through cloudrun, I found I can run my backend locally (with production flags set) and then access the production dashboard at http://localhost:8000/auth/dashboard Is this recommended / might this interfere with the instance running on prod? (e.g. if limited connections to the Supertokens instance is permitted at once)

@rp_st hello, I was using the supertoken 3.14 version it was working fine then switched to latest version it broke down and i am getting this error recently org.postgresql.util.PSQLException: ERROR: column "use_static_key" of relation "session_info" does not exist

thirdPartySignInAndUp

gives me the following error. CORS configuration should be good as it works fine for normal sign in/up with credentials. Any ideas?