Noob here, the data inside jwt is not encrypted? ...
# support-questions-legacy
s
Noob here, the data inside jwt is not encrypted? The st-access-token in postman is showing the data when pasted in jwt.io
r
hey @Sandy | Dev we don't encrypt it by default since JWTs are signed and not encrypted.
But you can instead do the following:
- Use cookie based auth instead of header based auth. This way, the frontend can't read the access token (see our docs for token transfer method).
- You can override the createNewSession function on the backend and, before returning the response, encrypt the access token yourself. For verification, you can use our getSessionWithoutRequestResponse function (mentioned in our docs) instead of using the verifySession or getSession functions, and before passing in the access token, decrypt it yourself.
s
thanks for your input