Hi, I have a question. I am creating a login for a company dashboard. Right now anybody can sign up and sign in, but I want that the user account has to be approved (just one time) before to log in. Is there a way to do it. I am using email and password authentication

Hi, what could be the reason that accessTokenPayload is not refreshed on the frontend? I try to update AccessTokenPayleod in my custom middleware on backend:

const currAccessTokenPayload = req.session!.getAccessTokenPayload();
await req.session!.updateAccessTokenPayload({ newKey: 'newValue', ...currAccessTokenPayload });

and in frontend i cannot see it in the

const { accessTokenPayload } = useSessionContext();

, but in the sAccessToken cookie it already is

How would I use supertokens to authenticate a react chrome extention?

ok so I was supposed to use the root project to download and setup the core and plugin interface projects. I tried to do it but couldn't because of my windows machine, you described something about wsl2 in the docs but I also couldn't do it

Hi, was wondering if SuperTokens has a SOC 2 report available somewhere? I see there's a trust page at security.supertokens.com, but couldn't find the SOC 2 report.

hello, @rp_st , I have multiple frontends, and they are entirely different base domains, how can I make supertokens work? I already used header based auth. The point is multiple frontend uses the same project, means same supertokens config.

The third party provider google seems to be missing from the backend configs. I am getting this error message while using google third party login What could be the issue? @rp_st please guide

Hey there, @rp_st I'm currently integrating social authentication (google) into my application via SuperTokens. I'm looking to retrieve additional user details such as first name, last name, and gender from the social authentication process. However, it seems that these details are not being populated in the user data. as these are basic user details that must provided by google or any other social auth. Could you please let me know if there's any extra configuration required in the SuperTokens config to fetch these details, or if it's outside the scope of SuperTokens?

Hey everyone, Does anyone know why supertokens tries to read to https://publicsuffix.org/list/public_suffix_list.dat at startup ? As my backend and supertoken instance are in a private subnet, it throws an error as it cannot directly access the internet

Hey @rp_st I wanted to verify the session for my backend request. In the request, I am sending the Cookies header, and my expected response is as follows: if the session is valid, I want the session object returned; if it is invalid, then the refresh token flow should be triggered (401). However, the below snippet is throwing some error:

app.get("/auth/internal/verify-session", async (req: SessionRequest, res, next) => {
    try {
        await verifySession({sessionRequired: true}) (req, res, next);
        res.json({
            success: true,
            payload: req.session
        });
    } catch (err) {
        console.log("Error in verify-session", err);
        next(err);
    }
});

Error Log:
Error in verify-session Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client    

Response:
{
    "message": "unauthorised"
}