@User thanks for the perspective on this. From reading https://github.com/supertokens/supertokens-core/issues/250, I believe the Supertokens Hasura integration for authentication is going to be JWT based, right? If we can't use Supertokens to issue JWTs for for API clients, then we're going to miss out on all Authorization/Access Control functionality Hasura offers, as it relies on custom claims in the JWT in order to identify the user. We would have to use the X-Hasura-Admin-Secret header, and "JWT authentication is skipped when the X-Hasura-Admin-Secret header is found in the request and admin access is granted." This shifts all authorization to the auth proxy service that would be responsible for authenticating API clients.