https://supertokens.com/ logo
Join Discord
Powered by
UI management system
# support-questions
b
Hello. Do SuperTokens have a Dashboard UI only in SaaS paid version? Self hosted does not have any UI management system?
r
hey @bodich both versions have user management UI: https://supertokens.com/docs/userdashboard/about
b
Thanks, I'll check. It's right inside the main service, or additional service has to be deployed?
r
it's served by the backend SDK.
So whichever serivce you have added our backend SDK do, that will also serve the dashboard
b
Do you have the same, but for Java + Spring? Unfortunately I can find only Nodejs, Go, Python. Does it possible to use with Java? import SuperTokens from "supertokens-node"; import Dashboard from "supertokens-node/recipe/dashboard";
r
we don't have a Java SDK
but you can spin up a node process and use our node sdk with that. This process would be the auth server to your app
b
But will it work by this scheme still? Honestly I can't imagine the architecture for now...

https://cdn.discordapp.com/attachments/1096798450118565928/1096839762767257760/self_hosted_generic-1.png

r
it will. The "Your backend API" will be the node app with our node SDK
and your java backend will be the application backend
you can reverse proxy the request for /auth/* to the node app
and the rest of the requests to your backend can hit the java backend
b
Supertokens core will know anyway if requests to /api/ are authorised, right?
r
what do you mean?
b
I mean node app will have Supertokens middleware, right?
r
yes
b
And requests to /auth will go through the Supertokens middleware
r
yes
b
But then once I authenticated and send request to /api, I will not have that middleware on my Java Spring app
r
yea. But then you will have a JWT which you can verify on the java side using any jwt verification lib in java
b
And I will request verification from the node app which has the Supertokens middleware, right?
r
no
the request should contain a JWT
and then you can verify the JWT in java itself using a jwt verification lib
b
Yeah, I mean my Java app will receive JWT from let's say React app, then Java will verify JWT from node server. And if it's ok then do whatever it needs
r
it won't verify from the node server
i mean the jwks endpoint will be exposed from the node server yes.
but the verification happens in java itself
b
But how I can check if JWT session was terminated, let's say I did logout. Supertokens know if particular JWT is logged out already?
r
if you logout, the jwt will be removed from the frontend
i suggest you see our docs in more detail first 🙂
cause all this is mentioned in our docs
hope this helps 🙂 have a good weekend
b
I mean if somehow JWT was stolen
r
yea.. jwts are short lived
so there is a risk yea, but you can't really do anything about that. The only thing is to make the JWT short lived, which it already s
b
Yes, I've logged out on frontend, but JWT was stolen, then that hacker will still use it?
r
yes. But they are short lived.
b
No any logged-out cases storage let's say on Redis?
r
huh?
PreviousNext
Powered by