SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

<@!793412957328769024> I have updated the supertokens-website package to include the `secure` flag. Please delete yarn.lock and run `yarn upgrade` to get that change. Things should work now. 

A note about session behaviour on safari: We are using antiCsrf VIA_TOKEN for CSRF protection.  This is cause your CORS rules for APIs is probably set to allow any origin to query them (cause you are using an iframe) - if this is not true, then you can remove the `antiCsrf` param from your backend config, and ignore this paragraph (in which case we will be using csrf protection via custom headers).  If this is true, it means each request sends an anti-csrf token for CSRF protection. This token is store in frontend cookies. Now safari, caps the lifetime of frontend cookies to 7 days (privacy feature). So that means, if a user is using safari, and they don't refresh a session for 7 days, they will get logged out (only for safari). If this is an issue for you, you can set `antiCsrf` to "NONE", and use another anti csrf method that involves injecting the CSRF token in the html (in conjunction to our lib).