is there a way to list all users?

If we use the supertokens connection uri, we wouldn't be able to modify the database to create new tables etc. This means that I have to "copy" the user id and email to my app's database, resulting in redundant information and possibly out of sync. What is the recommended action here? Why wouldn't ST let us have the db connection for prod just like for dev?

Hello I'm trying to implement a custom SMTP configuration for passwordless auth as specified in this guide https://supertokens.com/docs/passwordless/email-delivery/smtp/configure-smtp . The problem though is that the init method from passwordless does not expect any parameter such as

emailDelivery

as specified in the above-linked article. Could you please help take a look at this? Type - Supertoken NodeJS Version - 11.3.0

Anywhere that I could find a example of using Vanilla JS to create custom UI?

Using emailPasswordSignUp function returns 500 Internal server error

UserContext

vs

UserMetadata

which one to choose for user profile data such as timezone, address, etc.?

I'm having trouble with NestJS + GraphQL, I've seen there were older messages about this in discord but it didn't really help... Honestly I have no clue of how, according to the supertokens documentation of vanilla graphql on nodejs, this should be done:

ts
@Injectable()
export class GQLAuthGuard implements CanActivate {
  async canActivate(context: ExecutionContext): Promise<boolean> {
    const ctx = GqlExecutionContext.create(context).getContext();

    let err = undefined;
    // You can create an optional version of this by passing {sessionRequired: false} to verifySession
    await verifySession({ sessionRequired: false })(
      ctx.req,
      ctx.res,
      (res) => {
        err = res;
      },
    );

    if (ctx.res.headersSent) {
      throw new STError({
        message: 'RESPONSE_SENT',
        type: 'RESPONSE_SENT',
      });
    }

    if (err) {
      throw err;
    }

    return true;
  }
}

Hi, I'm facing a problem with the

st-auth-mode

request header. First, I do a signup request (using the email password recipe) where I set the header

st-auth-mode: cookie

. I then get a response with

Set-Cookie

headers for the access token and refresh token. This is as expected. Next, I do a signup request where I don't set the

st-auth-mode

header. I then get a response with both

Set-Cookie

headers and

st-access-token

and

st-refresh-token

headers. I do not expect to get the

Set-Cookie

headers. I do a signup request one more time, again without setting the

st-auth-mode

header. This time only the

st-access-token

and

st-refresh-token

headers are set. This is as expected. All signup requests I do afterwards without the

st-access-token

header give the same proper result. The second request should not have returned the

Set-Cookie

headers. Is this a known issue or am I doing something wrong?

Is it safe to set checkDatabase to false in verifySession for all endpoint if I am writing my own logic for checking revoked blacklisted tokens? What does supertokens core check apart from checking whether the token is blacklisted?

hey @josephmilanmd our sdk does not return a 403 for this route. Maybe something else is doing that on your end?