How is the password verification enforced on the backend? Currently it is kind of only enabled via the frontend by setting the

emailVerificationFeature

option on the frontend? 🤔

It looks like SuperToken cookies are exceeding the permitted limit. I'm getting this error: "Set-Cookie header is ignored in response from url: http://localhost:4000/auth/session/refresh. The combined size of the name and value must be less than or equal to 4096 characters."

hi, for our app we had to use the native http plugin from capacitor, which doesnt support interceptor... any example how to write custom logic to attach the cookies in the headers (for every request)?

Is there any chance a function could be added that returns the session found on the server instead of (or in addition to) adding it to the

request

object? (Talking about

Node.js

here.) I'm playing around with

Svelte Kit

. And it seems like they don't give us access to any data tacked onto the request object. I'm trying to figure out if there's a more functional way to get the session instead. 🤔

Bom dia (Good Morning) I am implementing super tokens on django (backend), using thirdparty (only) recipe. I would like your opinions for best practices on how to initialize it. Currently I have a module and using the module config, I'm calling the start method where I have the init function. (I'll attach some screenshots) Still says that it is not initialized

I am developing chrome extension using supertokens I am validating user logged in or not using aAccessToken which are in website cookies but when I get the 401 then I am trying using sRefreshToken but I am getting 401 for that as well although it is valid.How can I solve? This is the curl curl 'https://test-api.paperguide.ai/auth/session/refresh' \ -X 'POST' \ -H 'accept: application/json, text/plain, */*' \ -H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \ -H 'authorization: Bearer "c/qMoWsRTj8kLHaXFXpgaI3qdxjTRZFzKm3vE5csc98g4935GpyG11ypg0P8m6UreXv7p0s5nZuaZj8RD2AxnkoI7H6kxuB3umWBJZu1fU75Kd/JHJfhWjzDhf9YMk4PrseQQ1%2BjacQhOIkHF%2BYdqek8nwY9eOEHHrj84wFmB2jO2%2BDJO367o8xHsbk%2BCVVXa60w0bMaYq4lCEWzPxCz%2BVsJcQ7v0hlN6wZ2AS4RGJ9sRviSJVz%2B1ziaYIvG0R8FWNBujV5G%2BhvYh4jkFqmpQ9pItTj8DmtNfCJfF0NTZDG%2B3B8GepNxcCMr%2BST1ka4ysiEDO0kEgT9Q1OaMbOdJ0GDz1krISf3FjjvyZ%2BnLN/FrTvWOBTQE2gqtDuFAxwRIatVBuYBEAB7HM9De.9a6cd961329546b23617792476960a90f205ed1d3c89eee69548953b1127b463.V2"' \ -H 'content-length: 0' \ -H 'content-type: application/x-www-form-urlencoded' \ -H 'origin: https://www.plasmo.com' \ -H 'priority: u=1, i' \ -H 'referer: https://www.plasmo.com/' \ -H 'sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'sec-ch-ua-platform: "Linux"' \ -H 'sec-fetch-dest: empty' \ -H 'sec-fetch-mode: cors' \ -H 'sec-fetch-site: cross-site' \ -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36'

why FetchError: request to https://....aws.supertokens.io/apiversion failed, reason: connect ETIMEDOUT 5

@rp_st Why does it take time to validate role claim? I signed up a user, added a role got this log

roles.go:94: [Info] Role added to user: &{false} with user_id:702116bc-1a9f-4a1c-b71e-3d74d9c0fce4 role: admin

but i can't call endpoint with role claim validator it eventually works, but i am not sure about the exact time calling this returns role as admin

go
    admin.Get("/auth/role", func(c *fiber.Ctx) error {
        sessionContainer := session.GetSessionFromRequestContext(c.UserContext())

        response, err := userroles.GetRolesForUser("public", sessionContainer.GetUserID(), nil)

        if err != nil {
            log.Errorf("Error getting roles: %v", err)
            return util.ReturnError(c, 500, "Error getting roles")
        }
        return util.ReturnSuccess(c, response.OK.Roles)
    })

https://discord.com/channels/603466164219281420/907932061669654548/1202007865028775937 I've started the migration from the Remix example to the Next.js app directory example. (At least for now.) And I think Remix does things way better. 😅 I wanted to suggest adding documentation on how to use the

ThirdPartyEmailPassword

option without using the Express middleware, and perhaps suggest exposing clear functions for it if they aren't yet available. (I assumed that they would be available since we now have things like

*withoutRequestResponse()

.) I've been approached multiple times on both my Remix and my SvelteKit examples regarding how to get

ThirdPartyEmailPassword

up and running. It seems to be the most common recipe (or one of the most common). And having a way to set things up clearly (without having to bring other SuperTokens packages into the mix) would likely be a big win. It might also alleviate some of the package management that SuperTokens has to deal with for various JS frameworks. I would look into it, but I unfortunately haven't had the time to scrutinize SuperTokens's internals like I did last time. 😅 I'm still looking for an opportunity. I'm only just now getting to the Next.js app dir example. (I know SuperTokens has one. This would just be one that would be more direct -- requiring less NPM packages and higher order functions.)

Hey, I have a question about the website domain with multipe frontends. Refering to the docs:

On the backend, you should set the websiteDomain to be your main domain (example.com if your sub domains are sub.example.com), and then you want to override the sendEmail functions to change the domain of the link dynamically based on the tenant ID supplied to the sendEmail function. See the Email Delivery section in our docs for how to override the sendEmail function.

for what is this websiteDomain used for? I have the following domain setup: a.domainA.com -> uses api.domainA.com b.domainA.com -> uses api.domainA.com so i should set websiteDomain to domainA.com. But i have another frontend: domaniB.com -> used api.domainA.com what to do now here?