What is the difference between overriding an api vs overriding a function? For example consumeCode as a function vs consumeCodePost as an api? What are the intended use cases for each option?

Hi all, we've been evaluating Supertokens as well, we were researching the flow and session management and had a question around session extension. Are there accommodations for usage-based session extension, for example, from a public machine? We have a heavy use case on public machines, our existing system uses a 'short-medium term lived access token whose usage extends their expiry' type of session management. Additionally, we have a mobile use case (and additional cases in the future) that fits perfectly with the 'suggested flow' (which is why we're evaluating Supertokens in the first place). We'd like to utilize the suggested Supertokens flow, but with the ability to extend a short-term session based on usage. We were wondering if this was a use case and if there were recommendations around this type of behavior

I am developing chrome extension using supertokens I am validating user logged in or not using aAccessToken which are in website cookies but when I get the 401 then I am trying using sRefreshToken but I am getting 401 for that as well although it is valid.How can I solve? This is the curl curl 'https://test-api.paperguide.ai/auth/session/refresh' \ -X 'POST' \ -H 'accept: application/json, text/plain, */*' \ -H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \ -H 'authorization: Bearer "c/qMoWsRTj8kLHaXFXpgaI3qdxjTRZFzKm3vE5csc98g4935GpyG11ypg0P8m6UreXv7p0s5nZuaZj8RD2AxnkoI7H6kxuB3umWBJZu1fU75Kd/JHJfhWjzDhf9YMk4PrseQQ1%2BjacQhOIkHF%2BYdqek8nwY9eOEHHrj84wFmB2jO2%2BDJO367o8xHsbk%2BCVVXa60w0bMaYq4lCEWzPxCz%2BVsJcQ7v0hlN6wZ2AS4RGJ9sRviSJVz%2B1ziaYIvG0R8FWNBujV5G%2BhvYh4jkFqmpQ9pItTj8DmtNfCJfF0NTZDG%2B3B8GepNxcCMr%2BST1ka4ysiEDO0kEgT9Q1OaMbOdJ0GDz1krISf3FjjvyZ%2BnLN/FrTvWOBTQE2gqtDuFAxwRIatVBuYBEAB7HM9De.9a6cd961329546b23617792476960a90f205ed1d3c89eee69548953b1127b463.V2"' \ -H 'content-length: 0' \ -H 'content-type: application/x-www-form-urlencoded' \ -H 'origin: https://www.plasmo.com' \ -H 'priority: u=1, i' \ -H 'referer: https://www.plasmo.com/' \ -H 'sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'sec-ch-ua-platform: "Linux"' \ -H 'sec-fetch-dest: empty' \ -H 'sec-fetch-mode: cors' \ -H 'sec-fetch-site: cross-site' \ -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36'

I have a general question. How high of a priority is MongoDB login? It’s been quite a while since I’ve seen any updates so I thought I might just ask here.

Hi, I am using FastAPI with supertokens. And would like to store users in my own DB. I am using Email passwordless social recipe and would like to capture the event when the user signs in so that I can check if I have the corresponding user in my database and if not create one. Can anyone point me to the relevant docs please. Thanks.

Hi there! I'm planning to launch my app before the end of the month and I'm trying to implement a referral system, where new users can sign up only with an invitation code. My app is using the ThirdPartyPasswordless recipe, and contrary to the EmailPassword recipe, there's no Sign Up flow on which I can add another required field when signing up. As of now, I'm creating manually new users for my beta testers, and I'm denying signup if I can't find any matching email/phone in a

createCodePOST

API function override. I was thinking about exposing a route on my application to validate an invite code, in which the route would create a new user on Supertokens, hence enabling this email to sign in. However, in that setup, there's no way to verify the provided email authenticity, except if I implement email validation on my own, which isn't something I want to do. Can you think of other ways to implement that? Is that something that could be integrated within my Supertokens setup or should I think about this being outside of Supertokens' scope? I understand this is a kind of specific use case, and might not even be related to Supertokens, but still I'd love to hear your input on this 🙂

Hey! I have written an api to return an session using the received cookie. Took reference from here: https://supertokens.com/docs/passwordless/nextjs/app-directory/session-helpers

Sorry but I'm really confused if this a bug or breaking change. I'm at the end of migrating a lot of versions and suddenly I have a problem with the github sso provide in the golang backend because the formatting of the thirdPartyUserId has changed? Before (golang-sdk version v0.10.3) the google thirdPartyUserId was of format

32591853.000000

while now (v0.16.6) its in the format of

3.2591853e+07

. I tried finding mentions of that in the github issues or here in discord but found nothing. Both notations seem weird when I curl

https://api.github.com/user

with the auth token and get the id simply back as

"id": 32591853

but yeah it cannot change because then the user can't log in to his account anymore, no? Can you confirm this bug / breaking change? EDIT: And I think I even found the code change that causes this breaking change:

ID := fmt.Sprintf("%f", userInfo["id"].(float64)) // github userId will be a number

(https://github.com/supertokens/supertokens-golang/blob/c93291f8d7c7d7da5633dd81b5f9983040f64def/recipe/thirdparty/providers/github.go#L96C6-L96C89) changed to

fmt.Sprint(rawUserInfoResponse.FromUserInfoAPI["user"].(map[string]interface{})["id"])

(https://github.com/supertokens/supertokens-golang/blob/7632d2f55e0a38b26ddde7a38ae038d66c3f9644/recipe/thirdparty/providers/github.go#L138C21-L138C107) so the conversion to float has been removed and thats what must be causing it.

@porcellus the Randstad instance is receiving "too many requests" errors. They're onboarding their talent right now, very bad timing, what are the rate limits here?

Hey there, How could I understand what is the error? What I know is that when editing the metadata, the error happens