Hi there! I'm planning to launch my app before the end of the month and I'm trying to implement a referral system, where new users can sign up only with an invitation code. My app is using the ThirdPartyPasswordless recipe, and contrary to the EmailPassword recipe, there's no Sign Up flow on which I can add another required field when signing up. As of now, I'm creating manually new users for my beta testers, and I'm denying signup if I can't find any matching email/phone in a

createCodePOST

API function override. I was thinking about exposing a route on my application to validate an invite code, in which the route would create a new user on Supertokens, hence enabling this email to sign in. However, in that setup, there's no way to verify the provided email authenticity, except if I implement email validation on my own, which isn't something I want to do. Can you think of other ways to implement that? Is that something that could be integrated within my Supertokens setup or should I think about this being outside of Supertokens' scope? I understand this is a kind of specific use case, and might not even be related to Supertokens, but still I'd love to hear your input on this 🙂

Hello - I'm using the passwordHashesImport api to import users from Auth0, but would there be a way to set "isVerified" to true during that process?

I am using this in config config: { thirdPartyId: 'google', clients: [ { clientId: process.env.GOOGLE_CLIENT_ID, clientSecret: process.env.GOOGLE_CLIENT_SECRET, clientType: 'web' }, { clientId: process.env.IOS_GOOGLE_CLIENT_ID, clientType:'ios' }, { clientId: process.env.ANDROID_GOOGLE_CLIENT_ID, clientType:'android' } ], }, but getting this error Error: please provide exactly one client config or pass clientType or tenantId

Hey! I have written an api to return an session using the received cookie. Took reference from here: https://supertokens.com/docs/passwordless/nextjs/app-directory/session-helpers

I have a question about the Dashboard - is it safe and meant to be deployed in a production? I'm currently using a self-hosted instance, and what sparked this question for me is that self-hosted doesn't require sending the

api-key

header, thus allowing anyone who has access to the supertokens instance to create a new user/change password etc. My assumption is that supertokens instance should not be exposed to the world, and communicated only with via backend. Is that correct?

Hi, we are trying to implement manual account linking, the account linking itself works but then when we return the response there is an exception says

This should never happen: session and user mismatch

the scenario is we have a primary passwordless user and now we want to connect a social media login account (FB in this case). any directions? I assume it is somehow related to the fact we do the linking in

thirdPartySignInUpPOST

and return the response from

originalImplementation.thirdPartySignInUpPOST

# This is required since if this is not there, then OPTIONS requests for # the APIs exposed by the supertokens' Middleware will return a 404 @app.route('/', defaults={'u_path': ''}) @app.route('/') def catch_all(u_path: str): abort(404) why is this required from a backend point of view to allow options request

hey super tokeneans. I got these "supertokens_python.exceptions.GeneralError: No SuperTokens core available to query" issues after configuring super token with React and Django rest framework. can anyone help me

self-hosted supertokens core 6.0 on GCP Cloud Run, getting error "Invalid API Key" when trying to access the

/hello

path, but when I switch back to 5.0 with the same environment variables, it runs without issue. I'm using the same environment variables in both. Not a big issue for me because I can use 5.0, just thought I should let you guys know, maybe I'm missing something.

Hello! Wondering if there's any method I could do this manually? Plan to send it via SendGrid and handle it with my own form on the frontend.