Hey, I have run into the infamous Safari itp blocker. I trying to get a password less flow with otp codes working in a iframed environtment under a page that we don't control the domain on. So we cant serve out content from the correct domain. I have switched to the header

tokenTransferMethod: "header"

flow instead of the cookie based one as suggested. Everything works fine in chrome and firefox, the

authorization

header gets set with the expected value and the backend is able to authenticate the request. But in safari no header is provided, which causes the flow to not work. The consome call for the otp works fine and we get a response from the server containing all the expected tokens. But the following request to the api does not contain anything and returns with a 401. After digging around a bit it in https://github.com/supertokens/supertokens-website/blob/master/lib/ts/fetch.ts it looks like even when using the header mode all the tokens still gets stored as cookies by the client and this will then also fail because of itp. But setting values in localstorage/session should still work, with some limitations, but it should get the flow running as expected for the current session at least. So is there a way to totally disable cookies and only store all the tokens in local storage when header mode is active?

please link

Hey !!! I am using supertokens python SDK as a backend with a self-hosted core. Whenever we delete the user from the user management dashboard (provided by supertokens) , the user gets deleted from the database tables that are provided by supertokens (in my case, I am using mysql database), but I want to delete the user from my application's external database at the same time whenever we click on the delete user from the dashboard. Is there a way to do it?

Is it possible to integrate SuperTokens with an encore.dev app? In general, encore.dev lets you build (in, honestly, the very best possible way) a set of lambda-type functions (which you can deploy pretty much anywhere). You specify just the function, and in a comment the URL that will be matched to that function at run-time. You really don't have to set up anything else, it's fantastic, and they deploy it. So I'm not talking about the ST core, but just the ST server routes -- is it possible to have ST "hook into" the encore.dev routing somehow? I'll ask on their slack channel as well. Thanks!

Hello, I receive the following error in the browser (MS Edge on Windows 11):

Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.

The above error occurred in the <SessionAuth> component

. Has this happened to anyone before? I just created two projects with

npx create-supertokens-app@latest

, the first one React+NestJS and the other Vue+NestJS, always the same error

Hey, where can i see what cdi-version I use? Thanks

hey guys, we are a little lost implementing auth for our capacitor apps (different domains)... What's the usecase for the cookieHandler?

js
  supertokens.init({
    ...frontendConfig().appInfo,
    cookieHandler: capacitorCookieHandler,
  })

We are following this guide now, since our implementation didn't work as expected (due to lax cookies & safari webkit issue): https://supertokens.com/docs/thirdpartyemailpassword/advanced-customizations/examples/localstorage/about

Hello! We have a little problem about implementation of Supetokens on Ionic/Capacitor. In particular about the native versions of it. Its like if the back-end side doesn't allow customScheme (ex: capacitor://app.id/home). After the basic implementation of docs we have this error on iOS: Unhandled Promise rejection: – "Please provide a valid domain name" Can some help me please? Thanks in advance!

Is it possible to disable cors fully for testing? I’m getting an error saying that wildcard can’t be used when credentials mode is ‘include’

Hi, was wondering if SuperTokens has a SOC 2 report available somewhere? I see there's a trust page at security.supertokens.com, but couldn't find the SOC 2 report.