SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hey, when setting custom claims in the access token where is the best place to do that? Using refreshPOST override, or make it a side effect in an api call which is called by the frontend as part of the login process? I've been reading through the docs and I can see a few examples of doing it for a /login route but just struggling to understand is that overriding a login route provided ootb by supertokens or is it in addition to the normal flows?

The best place would be to override the createNewSession function in the session.init config

Is there an example somewhere in the docs for that?

https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/new-session

Whats the difference between thirdpartyemailpassword vs emailpassword?

Not sure how I missed this, obvious in hindsight

Thirdpartyemailpassword has social login + email password login