SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

But the idea is that if `getSession` throws general error, you handle it like any other error in your APIs. If it throws a try refresh token error, you let us handle it (hence the `supertokens.errorHandler()(err, req, res, () => {})`). If it throws an unauthorised error, you can continue the API logic with an anonymous user.

We will probably add some flag to verySession that allows the API to be called even if the user is not logged in, in which case this will become much easier .