If SuperTokens Core is being hosted locally, is there a way to enforce that calls to it can only come from

localhost

? (That is, only the local web app can make calls to it and no one else.) I know we have the API keys. But theoretically, enforcing that only

localhost

is allowed would add additional safety, right? 🤔

NextJS Session Recipe Documentation

On flutter it is possible to log in with your email/username and password. Then after checking his information, asked for the second authentication factor(example: totp/email/sms)

hello.@rp_st when resetting password, how can I detect if newPassword is the same as old one? supertokens server is selfhosted, and is seperated from api backend. the only receives when resetting password are just password and token.

@rp_st Why does it take time to validate role claim? I signed up a user, added a role got this log

roles.go:94: [Info] Role added to user: &{false} with user_id:702116bc-1a9f-4a1c-b71e-3d74d9c0fce4 role: admin

but i can't call endpoint with role claim validator it eventually works, but i am not sure about the exact time calling this returns role as admin

go
    admin.Get("/auth/role", func(c *fiber.Ctx) error {
        sessionContainer := session.GetSessionFromRequestContext(c.UserContext())

        response, err := userroles.GetRolesForUser("public", sessionContainer.GetUserID(), nil)

        if err != nil {
            log.Errorf("Error getting roles: %v", err)
            return util.ReturnError(c, 500, "Error getting roles")
        }
        return util.ReturnSuccess(c, response.OK.Roles)
    })

Hey Hi guys, Actually we are running self-hosted supertokens in docker. W got an issue like initial some days I can find "add user" button in user management dashboard to add users but after some days it is not showing. We have done R&D but didn't find any solution. What was the issue or did I miss any configuration?

https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/handling-session-expiry Can I use this handler with Next.js 13/14?

hi, @rp_st We encountered this error when we tried to log in. But we did not make any changes to supertokens that would affect this. why could this be? SuperTokens core threw an error for a request to path: '/public/recipe/signin' with status code: 403 and message: Email password login not enabled for tenant.

Hello, I have issues with the sign out function Frontend : React Backend : FastAPI I get a 200 from the sign out request but the user is still signed in

How to associate both email and phoneno in passwordless?