malikkhoja

almost 3 years ago
On Clearing Cookies or Using incognito Mode in React Native Webview Android, SuperToken Session is expired. Can anyone help me here?

chunkygoo.

almost 3 years ago
```
# npm audit report

qs  6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix --force`
Will install supertokens-node@2.5.0, which is a breaking change
node_modules/qs
  body-parser  1.19.0
  Depends on vulnerable versions of qs
  node_modules/body-parser
    supertokens-node  >=3.0.0
    Depends on vulnerable versions of body-parser
    node_modules/supertokens-node

3 high severity vulnerabilities
```

Diesel

almost 3 years ago
Hey, we have a problem with the client react on web. For some reason, sometimes the refresh API from the backend response is 502 in the network interface, but in the backend we can see in the logs it returned 200. Was wondering what this 502 means; maybe you know and could help us?

dleangen

almost 3 years ago
Hi! The Dashboard is pretty cool, but I have a question about how it is intended to be used. It is served by the backend, and the backend is protected by CORS. It looks like the Dashboard is intended to be accessed directly via the browser, and not through an API call. However, if I access directly from my browser, then no origin is provided with the request, which means that it gets rejected by CORS. I tested by disabling CORS, and can access the Dashboard as expected. I'm not sure how to resolve this issue because I can't seem to find a way to disable CORS just for that single route (unless I am misunderstanding how the configuration works). Here is my CORS config, **which is general to all routes due to the use of `app.use(middleware())`**:
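```ts
import express from 'express';
import cors from 'cors';
import SuperTokens from 'supertokens-node';
import { middleware, errorHandler } from 'supertokens-node/framework/express';

// SuperTokensInitConfig, websiteDomain and admin are defined elsewhere in the project.
SuperTokens.init(SuperTokensInitConfig);
admin.initializeApp();

const app = express();

const whitelist: string[] = [
  websiteDomain,
  'http://localhost:4201',
  'http://localhost:4202',
  'http://localhost:4203',
  // ... etc.
];

// Registered globally, so it applies to every route, including the Dashboard.
// A request with no Origin header (origin is undefined) takes the else branch.
app.use(cors({
  origin: function(origin, callback) {
    if (origin && whitelist.indexOf(origin) !== -1) {
      callback(null, true);
    } else {
      callback(new Error(`Origin ${origin} not permitted due to CORS policy`));
    }
  },
  allowedHeaders: ['content-type', ...SuperTokens.getAllCORSHeaders()],
  credentials: true,
}));

app.use(middleware());
app.use(errorHandler());

export default app;
```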

maaddin

about 3 years ago
Hi, I'm looking to implement "web3" authentication. Is there anything like that integrating with SuperTokens already? If not, I would appreciate any pointers to the best way for me to implement it myself. (By "web3" auth, this is what I mean: on a new session the server sends a challenge to the user client who signs it with their crypto wallet and sends back to the server. The server compares the signed challenge with the previously registered public keys for the user. Here's an in-depth "vanilla" integration example https://www.toptal.com/ethereum/one-click-login-flows-a-metamask-tutorial)

alen_george

about 3 years ago
Hi, I want to send a magic link in the mail using a different website domain. So is there any way in the backend to fetch any website domain and send the magic link using that particular domain? And also any way to send additional values from the frontend to the backend middleware APIs?

execreate

about 3 years ago
Hey guys, I am trying to implement a Telegram-like authentication where users are logged in via OTPs as primary log-in factor + there is a possibility to add additional password protection as a second factor. Is that possible? I can see there is APIOptions parameter in the `create_code_post / consume_code_post` function calls for Passwordless recipe, which makes it possible to `get_session` using `api_options.request`. But there is no such parameter for the Email-Password recipe 🥲

gopi3429

about 3 years ago
Signed up for SaaS dev env. Not receiving the OTPs on phones and emails with the Passwordless logins.

rezaamya

about 3 years ago
Hello everyone, could you please guide me on how I can find all available configuration for Session.init() when I am initializing Session like the following:
```js
supertokens.init({
    framework: "express",
    supertokens: {
        //...
    },
    appInfo: {
        //...
    },
    recipeList: [
        Session.init() // initializes session features
    ]
});
```

kelchy2714

about 3 years ago
Understood that the architecture involved my own backend to handle {domain}/auth/* which will proxy to the core. I wonder why ST was designed like this? Can my frontend go directly to the core without going through my app backend?