Hi! I am having performance issues with your managed service. My fastapi endpoint is ~0.08s on average, then I plug in supertokens session verify (not with access token blacklisting) and I am getting ~0.6s response time. Why is this ~8x slowing? Have I got any slow configuration? How can I improve this? Is it only in dev? Is it only in managed? Thanks!

Hy everyone. I have trouble using tokenTransferMethod: 'header'. I want to ship my react app in a webview on iOS with CapacitorJs. I can't make the webview work with cookies on iOS so I thought I could switch to header based auth. So I just added tokenTransferMethod to my client configuration. The client seams to pick it up since I see the header "st-auth-mode: header" to be sent. But I don't see any header "Authorization" being sent to the server. I also added logging which tells me in the browser following interesting lines:

com.supertokens {t: "2023-04-14T09:32:58.495Z", message: "setAuthorizationHeaderIfRequired: token for header based auth not found", supertokens-website-ver: "16.0.1"}

I'm actually a bit confused. I would expect that the tokens are stored somewhere like the local storage and then attached from there. But they seam to be read from the cookies which should not be used as I stated to use headers. Is it my responsibility to persist the tokens somewhere? Am I missing something?

I want to log the user out when their subscription is ended. Is there any way I can set custom expiry to cookies and sessions for each user based on their subscription? The default time will be 7 days but users with less than 7 days remaining on their subscription will have the session & cookies expiry date the same as their subscription end date.

Any way of seeing supertokens logs? I used the dashboard to change a user's password, however when I try to login I am still getting a wrong credentials error

@rp_st SuperTokens working with Ionic 6?

I'm having some trouble routing the user from the signup form to the

passwordless

phone number input after sign up. I'm overriding emailpassword's

signUpPOST

function by calling: -

signUp

(/recipe/emailpassword) -

createNewSession

(/recipe/session)

signUpPOST: async function (input) {
    let signup = await signUp(
        email,
        password,
        input.userContext
    );

    if (signup.status === 'OK') {
        // Create database user
        ...

        // Create session
        return createNewSession(
            input.options.res,
            signup.user.id,
            undefined,
            undefined,
            input.userContext
        );
    }
}

I'm unsure if the

input

variables I'm passing here are correct, or if there is another recipe function I should be calling. The session and user seem to be created properly, but the frontend requires a manual refresh in order to reach the

passwordless

Second factor auth (phone number input page). Without a manual refresh, the frontend says to sign in instead since the email is already in use.

How exactly does the doesSessionExist work?

Docs question: I'm using Phoenix framework on Elixir which doesn't have library integration built. Is there a place for docs how to start from zero? I don't promise anything but Appwrite has SDK generator and I've built Elixir generator part for them while trying it. It's not in the MR yet though.

Thanks so much, it is working now but, is there any way to handle it directly from Backend? I mean, if I detect that the session is expired on Backend, is there anyway to refresh it directly from there, instead of responding with "try refresh token" message to Frontend and getting request on auth/session/refresh? I know it is conceptually different from what SuperTokens is for, but I am trying to handle something else with described scenario.

Hi, is there a way to know how the user signed up (emailpassword or thirdparty)