Actually, you should override APIs and not functions (cause there is an API input change - you are adding a tenantId to the request): https://supertokens.io/docs/nodejs/thirdpartyemailpassword/override/apis You would override the following:

emailExistsGET:
- Change the input email to add the tenantId to it before calling the original implementation of this API

generatePasswordResetTokenPOST:
- Change the input formFields' (where id == "email") to add the tenantId to the email

signInUpPOST (type == "emailpassword"):
- Change the input email to have the tenantId before signing in / up.

signInUpPOST (type == "thirdparty"):
- You can copy/paste the whole API's body from our repo, and after getting the user's info from the OAuth provider, you would change the email and thirdPartyId to have the tenantId.

The above would in turn imply that if you fetch user info from Supertokens, you would get their email with the tenantId attached to it. Also, if you want to fetch a user based on their email, you would need to provide the email with their tenantId with it. If you want SuperTokens to output the emails without the tenantIds, you can overide the recipe functions (the other link I sent), and override all the functions that return a

User

object to strip away the tenantId part. However, if you do that, then you would have to somehow figure out which tenant an email belongs to before using that email to query some info from supertokens. So perhaps it's best to not modify the recipe functions at all.