Hey, I have run into the infamous Safari itp blocker. I trying to get a password less flow with otp codes working in a iframed environtment under a page that we don't control the domain on. So we cant serve out content from the correct domain. I have switched to the header

tokenTransferMethod: "header"

flow instead of the cookie based one as suggested. Everything works fine in chrome and firefox, the

authorization

header gets set with the expected value and the backend is able to authenticate the request. But in safari no header is provided, which causes the flow to not work. The consome call for the otp works fine and we get a response from the server containing all the expected tokens. But the following request to the api does not contain anything and returns with a 401. After digging around a bit it in https://github.com/supertokens/supertokens-website/blob/master/lib/ts/fetch.ts it looks like even when using the header mode all the tokens still gets stored as cookies by the client and this will then also fail because of itp. But setting values in localstorage/session should still work, with some limitations, but it should get the flow running as expected for the current session at least. So is there a way to totally disable cookies and only store all the tokens in local storage when header mode is active?

Hi, cookie based auth is not working on desktop Safari, is that expected?

🤠 good day folks. what is the best approach for handling unit tests with supertokens python SDK? unfortunately i have procrastinated on this for way too long. is there any easy mechanism to mock the user session? i know about the recipe specific API overrides as I am using some of those to customize the auth flow. is there a way to mock the response for user session as well? Can I override the

verify_session

function in the session.init()?

On the roles and permissions recipie, is there support for associating roles with another object? For example, on our system users belong to a number of teams, and have a role within that team so the same roles and permissions need to be duplicated for each team. Is there a way to support that within the recipe or would I have to build it entirely separately?

Hi, did anyone manage to secure command line applications using SSO with Supertokens ?

Hi all, Is there a way to create a test user who can login without otp

Is it possible to add multiple supertoken instances in a single express application? The documentation only mentions a single instance using supertokens.init(). I'm wanting to set up a multi-tenant type of architecture with a single webserver and multiple cores.

Hi SuperTokens team, I am using Supertokens with NestJs. All my APIs are rate limited via https://docs.nestjs.com/security/rate-limiting. Do you have any clue to let the SuperTokens middleware (for calls like e.g. /auth/signin) be aware of these rate-limiting settings?

Is there already a solution to using supertokens with tRPC? Thanks in andvance

Hi! I've implemented the SuperTokens login to a vue3 project and it works beautifully, but am greeted with lint-like errors for every class across the app, and I've isolated it down to the

supertokens-auth-react

package that appears to be causing it. Any info or advice to clean these errors would be super helpful 😊 Additionally here is the inline error

Type '{ class: string; }' is not assignable to type 'DetailedHTMLProps<HTMLAttributes<HTMLDivElement>, HTMLDivElement>'.
  Object literal may only specify known properties, and 'class' does not exist in type 'DetailedHTMLProps<HTMLAttributes<HTMLDivElement>, HTMLDivElement>'.ts(2322)
index.d.ts(3176, 13): The expected type comes from property 'div' which is declared here on type 'IntrinsicElements'