Hey everyone, I'm facing an issue with my Express backend setup along with Supertokens for session management. Here's a snippet of my backend code:

javascript
import express from "express";
import { verifySession } from "supertokens-node/recipe/session/framework/express";
import { SessionRequest } from "supertokens-node/framework/express";

let app = express();

app.post("/like-comment", verifySession(), (req: SessionRequest, res) => {
    let userId = req.session!.getUserId();
    //....
});

I've added

verifySession()

to ensure that only authenticated users can access the

/like-comment

route. However, I'm having trouble accessing this route from the front-end using Axios. I've wrapped my component inside

SessionAuth

so that logged-in users have access, but I keep receiving a 401 error. Could anyone guide me on how to properly access this route from the front-end using Axios and ensure that the user is authenticated? Thanks in advance!

Dears, I have an issue to authenticate with hasura, as hasura does not accespt the jwt to be in the cookie and needs it to be in Authorization header , the documentations states we can expose the token to the browser using exposeAccessTokenToFrontendInCookieBasedAuth: true, in the session.init , but when I do that the CORS gives error Access-Control-Allow-Origin not included in the header although the configuration of the cors module is correct :app.use(cors({ origin: "https://url", allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()], credentials: true, })); I would appreciate your help

In prebuilt UI , how can i provide the clientType query param in the authorisation Url as it is not automatically considering the clientType and throwing error in the backend as I am using three configs of google namey web, android, and iOS

Is there a way to restrict sign in to allow emails only from a specific domain when using sign in with google @rp_st

Hi! I'm trying to implement unified user authentication for multiple private services. I was imagining that each service would provide the users credentials alongside with a service identifier, which would then get packed into the JWT as the

aud

claim. The client would then use the JWT for requests with the service thereafter. I took a look at https://app.swaggerhub.com/apis/supertokens/FDI/1.18.0#/EmailPassword%20Recipe/signIn for the prebuilt backend, but I couldn't find a way to pass this id anywhere. What's the easiest way for me to do this?

Hi guys, are there any endpoint that only verifies the email&password, returns user information but doesn't create a new session token? I'm working on backend and want to write a function which needs to verify the user with email and password (accepted as query parameters) but not the Bearer header. Currently I'm doing it with

/auth/signin

, but it creates session tokens every time I run it. Is there a better solution?

Hi, we have implemented thirdpartyemailpassword recipe along with emailverification recipe. But for some users, they didnt verified their emails with the login provider. So their emails not marked as verified. For those users, when we try to call an api, we are getting claims not verified error. How to get access the api without needing to verify their emails?

Folks, if there any way to expire the previous email verification link when the new link is generated by clicking on 'Resend Verification Email'?

In a multitenant environment, I'm trying to use "getAuthorisationURLWithQueryParamsAndSetState(thirdPartyId, frontendRedirectURI) method" to get thirdparty login url, I'm having multiple tenants including public tenant. Public tenant don't have active-directory provider. But the other tenants have it. When I use that method, it's checking the public tenant. I'm using for logging in. I can pass tenant id from the front-end, but that method is not having a parameter to accept the tenant id. I'm struck here. Please help me out with this.

Hi, is it possible to get email from the session like user_id? session: SessionContainer = request.supertokens user_id = session.get_user_id() email = session.get_email()