SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hi, does anyone know if there's a way to make a backend request to get an access and refresh token from the SuperTokens core on behalf of a user without their credentials?

The session recipe exposes a function called createNewSession

Which you can call. And that function takes in a userId

See this https://supertokens.com/docs/session/common-customizations/sessions/new-session

Thank you, I wasn't sure if this would get the cookies where they needed to go, but it sounds like it will!