https://supertokens.com/ logo
UI management system
b

bodich

04/15/2023, 2:05 PM
Hello. Do SuperTokens have a Dashboard UI only in SaaS paid version? Self hosted does not have any UI management system?
r

rp

04/15/2023, 2:06 PM
hey @bodich both versions have user management UI: https://supertokens.com/docs/userdashboard/about
b

bodich

04/15/2023, 2:07 PM
Thanks, I'll check. It's right inside the main service, or additional service has to be deployed?
r

rp

04/15/2023, 2:08 PM
it's served by the backend SDK.
So whichever serivce you have added our backend SDK do, that will also serve the dashboard
b

bodich

04/15/2023, 4:38 PM
Do you have the same, but for Java + Spring? Unfortunately I can find only Nodejs, Go, Python. Does it possible to use with Java? import SuperTokens from "supertokens-node"; import Dashboard from "supertokens-node/recipe/dashboard";
r

rp

04/15/2023, 4:45 PM
we don't have a Java SDK
but you can spin up a node process and use our node sdk with that. This process would be the auth server to your app
b

bodich

04/15/2023, 4:49 PM
But will it work by this scheme still? Honestly I can't imagine the architecture for now...

https://cdn.discordapp.com/attachments/1096798450118565928/1096839762767257760/self_hosted_generic-1.png

r

rp

04/15/2023, 4:50 PM
it will. The "Your backend API" will be the node app with our node SDK
and your java backend will be the application backend
you can reverse proxy the request for /auth/* to the node app
and the rest of the requests to your backend can hit the java backend
b

bodich

04/15/2023, 4:53 PM
Supertokens core will know anyway if requests to /api/ are authorised, right?
r

rp

04/15/2023, 4:54 PM
what do you mean?
b

bodich

04/15/2023, 4:54 PM
I mean node app will have Supertokens middleware, right?
r

rp

04/15/2023, 4:54 PM
yes
b

bodich

04/15/2023, 4:54 PM
And requests to /auth will go through the Supertokens middleware
r

rp

04/15/2023, 4:55 PM
yes
b

bodich

04/15/2023, 4:55 PM
But then once I authenticated and send request to /api, I will not have that middleware on my Java Spring app
r

rp

04/15/2023, 4:55 PM
yea. But then you will have a JWT which you can verify on the java side using any jwt verification lib in java
b

bodich

04/15/2023, 4:56 PM
And I will request verification from the node app which has the Supertokens middleware, right?
r

rp

04/15/2023, 4:56 PM
no
the request should contain a JWT
and then you can verify the JWT in java itself using a jwt verification lib
b

bodich

04/15/2023, 4:57 PM
Yeah, I mean my Java app will receive JWT from let's say React app, then Java will verify JWT from node server. And if it's ok then do whatever it needs
r

rp

04/15/2023, 4:58 PM
it won't verify from the node server
i mean the jwks endpoint will be exposed from the node server yes.
but the verification happens in java itself
b

bodich

04/15/2023, 5:00 PM
But how I can check if JWT session was terminated, let's say I did logout. Supertokens know if particular JWT is logged out already?
r

rp

04/15/2023, 5:00 PM
if you logout, the jwt will be removed from the frontend
i suggest you see our docs in more detail first 🙂
cause all this is mentioned in our docs
hope this helps 🙂 have a good weekend
b

bodich

04/15/2023, 5:01 PM
I mean if somehow JWT was stolen
r

rp

04/15/2023, 5:01 PM
yea.. jwts are short lived
so there is a risk yea, but you can't really do anything about that. The only thing is to make the JWT short lived, which it already s
b

bodich

04/15/2023, 5:01 PM
Yes, I've logged out on frontend, but JWT was stolen, then that hacker will still use it?
r

rp

04/15/2023, 5:01 PM
yes. But they are short lived.
b

bodich

04/15/2023, 5:03 PM
No any logged-out cases storage let's say on Redis?
r

rp

04/15/2023, 5:03 PM
huh?