```# npm audit report qs 6.7.0 - 6.7.2 Severity: high qs vulnerable to Prototype Pollution - https...

chunkygoo.

# npm audit report

qs  6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix --force`
Will install supertokens-node@2.5.0, which is a breaking change
node_modules/qs
  body-parser  1.19.0
  Depends on vulnerable versions of qs
  node_modules/body-parser
    supertokens-node  >=3.0.0
    Depends on vulnerable versions of body-parser
    node_modules/supertokens-node

3 high severity vulnerabilities

```java Error: Initialisation not done. Did you forget to call the SuperTokens.init function? ``` I ...

Aithusa

almost 3 years ago

java
Error: Initialisation not done. Did you forget to call the SuperTokens.init function?

I keep getting this error when going to my /testauth path but I did call the function before the route

import { verifySession } from "supertokens-node/recipe/session/framework/express/index.js";

router.get("/testauth", verifySession(), (req, res) => {
  if (req.session == null) {
    res.send({ error: "Must be signed in", code: "401" })
    return
  }
  let userId = req.session.getUserId();
});

Hey, we have a problem with the client react on web. for some reason sometimes the refresh api from ...

Diesel

almost 3 years ago

Hey, we have a problem with the client react on web. for some reason sometimes the refresh api from the backend response is 502 in the network interface but in the backend we can see in the logs it returned 200. Was wondering what this 502 means maybe you know and could help us?

trying to access the dashboard

dhatguy

almost 3 years ago

trying to access the dashboard

Is there a way to remove the "Powered by supertokens" text from the bottom of the sign up / sign in ...

bitcoinrippin

almost 3 years ago

Is there a way to remove the "Powered by supertokens" text from the bottom of the sign up / sign in forms?

Google login brings me to a loading page with a spinner upon successful sign in

chunkygoo.

almost 3 years ago

Google login brings me to a loading page with a spinner upon successful sign in

Hi, is there any way to add own logger to supertokens to log requests (I am using middlleware)?

IaS1506

almost 3 years ago

Hi, is there any way to add own logger to supertokens to log requests (I am using middlleware)?

Hi, I tried running supertokens (the binary) in aws lambda and it doesn't seem to work. What I did w...

chunkygoo.

almost 3 years ago

Hi, I tried running supertokens (the binary) in aws lambda and it doesn't seem to work. What I did was I downloaded the supertokens-postgresql binary, dockerize it by copying the binary over to the docker image and installing it there. I tried to "docker ps" into it and ran "supertokens start" and it worked. However, when I deploy the image to AWS lambda it fails to run everytime. Hence, I set the erro flag in config.yaml to "null" so that the error would show in std-in, and what I found was always a java exception, something related to read-only file system. I suspect this is because aws lambda has the entire file system as read-only, except for /tmp. But Supertokens is trying to write to /usr/lib/supertoken/webserver-temp. Any idea about this? I essentially tried to run "supertokens start" when the lambda function is triggered but failed to do so.

Let's say I have two customers, C1 and C2, and we provide some integrations infrastructure to them w...

abhisheksachdeva

almost 3 years ago

Let's say I have two customers, C1 and C2, and we provide some integrations infrastructure to them where Auth is powered by Supertokens (self-hosted for development purposes). Both customers have a common user, U1. If the user signs in to their products P1 and P2 using google, supertokens will assume that it is the same user as

third_party_user_id

is the same but will create two

sessions

. This might lead to some issues in the future as we will be using user_id for lots of other stuff. 1. Is there any way to consider them as separate users? 2. Should we use separate supertokens instance (cloud or local) for each customer? I guess, you will have something internally to manage multiple clients on the supertokens cloud.

How safe is it in general to upgrade within the 3.X version range, especially in terms of the Postgr...

n1ru4l

almost 3 years ago

How safe is it in general to upgrade within the 3.X version range, especially in terms of the PostgreSQL database schema? If the schema would potentially change, would supertokens guarantee that migrations and adjustments are correctly applied upon startup or would it require manual work? And/or would something like this considered a 3.x -> 4.x change?

Previous 585960 Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).