Hello. Sorry, duplicate questions here. 1. How to ...
# general
l
Hello. Sorry, duplicate questions here. 1. How to check if the refresh token has been stolen? Do you check that the user is using the old refresh token, and what do you return in response if that is true? 2. Does the `/recipe/session/verify` handler just approve and write the new refresh token to the database? Before this action, the new refresh token is not valid? 3. Do you have any heuristic algorithm for detecting theft? 4. You have a really small article about CSRF tokens. Do you have a bigger article with a more detailed description of it? https://supertokens.com/docs/thirdparty/common-customizations/sessions/anti-csrf
r
Hey! I have already answered this on the thread.