Hi! This might be a dumb question but I was implementing the User Metadata feature, and added some metadata for a user. I was expecting to see the result in the supertokens user_metadata table, but seems to be empty. What does that table do then?

Is it possible to change the header where the authorization bearer is placed? E.g. use st-authorization instead of authorization

How to associate both email and phoneno in passwordless?

Hi 👋 I have some concerns using

SuperTokens

with a

NestJS

app. 😦 Currently

SuperTokens

sdk is used as a

middleware

. This is also described in the

NestJS

integration documentation of

SuperTokens

. However here is how

NestJS

request-response cycle works.

request -> middleware -> guard -> interceptor (before) -> pipe -> controller -> service -> controller -> interceptor (after) -> filter (if applicable) -> response

With

SuperTokens

middleware it will work for configured

SuperTokens

routes just like below.

request -> middleware -> response

With that, some important aspects of the application might lose. 1. No

guards

called.

Guards

can be used to restrict ip address, or restrict geolocation. There will be no restrictions for

SuperTokens

routes. 2. No

interceptors

called.

Interceptors

can be used for metrics, all kind of analysis and logs. There will be no analysis about what

Supertokens

routes called with what frequency, in what times and many more. To give an example, commonly used middlewares in

NestJS

are

cors()

and

helmet()

middlewares. They do not early terminate request so

interceptors

,

guards

and other

middlewares

also run. So, current

NestJS

integration with

middlewares

does not seem right to me. What do you think about the concerns? Are there any plans to enhance

NestJS

integration?

hi, @rp_st thirdparty signinup POST request failes with response 404 on specific user. how can i debug this?

is it possible to prevent ST from adding Authorization: Bearer TOKEN ? 🙂 We're using header-based auth, but we also have basic auth on out test sites, to prevent outsiders from snooping around 😛 We're already adding the token to a custom header

Hi, I am trying to implement Apple Sign In, after SDK response I have

identityToken

and

authorizationCode

. Which fields do I need to fill when make request to SuperTokens? Currenly, I have following error:

the client for whom this key is for is different than the one provided

.

@rp_st is it possible to delete all users and their data programmatically.

Hey, How can i handle the session verification with supertokens if my App (React) is in offline mode?

For oauth and email password, if someone sign up with different auth providers with same email, is this counted as different accounts? What about if they sign up with email then sign in with their oauth provider email that’s same? Curious what’s recommended behavior here and what flexibility I have