Hi New to Supertokens but extensively used to Auth0 I m tryi SuperTokens.com #support-questions-legacy

Hi 🙂 New to Supertokens (but extensively used to ...

Chimanos

03/16/2023, 3:31 PM

Hi 🙂 New to Supertokens (but extensively used to Auth0); I'm trying to implement a "universal-login"-like solution with Supertokens. Is there something straightforward ? My idea was launching a core, a node backend and a frontend dedicated for this (on a separate domain, say identify.example.com). I'm afraid of the interactions with the actual end application, which will rely on another domain. Any thoughts / references ?

rp_st

03/16/2023, 3:39 PM

hey @Chimanos

rp_st

03/16/2023, 3:40 PM

if the actual end app is not on the same based domain (not a sub domain) of the SSO domain, then it would require supertokens to be an oauth provider. You can use us to build the implicit oauth flow (which i know is deprecated), right now, but if you want the authorisation code grant flow, then you will have to wait for us to release the oauth feature. If it's across sub domains, you can share session cookies across sub domains and it would work.

Chimanos

03/16/2023, 3:42 PM

Hey @rp_st . Thanks for clear answer. I had not realized Supertokens was not Oauth-compliant

rp_st

03/16/2023, 3:42 PM

we are an oauth client, but not yet an oauth provider.

rp_st

03/16/2023, 3:43 PM

but we are working on it at the moment - should be out in a 1-2 months time. Also note, that it will most likely be a paid feature, even for self hosted.

Chimanos

03/16/2023, 4:24 PM

Good to hear 🙂 Might not be a breeze for you though, I mean coming from a "PnP" logic with SDKs, middlewares etc; and going to a "flow-centric" logic

rp_st

03/16/2023, 4:31 PM

Well, we have figured out most of it from an architecture point of view - it's just the actual implementation + testing time.

5 Views

Previous Next