https://supertokens.com/ logo
Join Discord
Powered by
What is the optimal deployment strategy for implem...
# support-questions-legacy
v
What is the optimal deployment strategy for implementing a passwordless recipe with Lambda, considering the login needs of N users? Should we choose Lambda as the best option, or would an ECS and API Gateway structure be more suitable? Alternatively, are there any other strategies that offer better deployment options on AWS ?
r
hey @vaz007. this is a personal choice really, but i don't like lambdas very much cause of the cold start problem.
v
exactly I was thinking of ECS and then I can forward the request to my authorization container, which then can forward request to an ELB
Can you tell me whats wrong with the following codebase recipeList: [ Passwordless.init({ smsDelivery: { override: (originalImplementation) => { return { ...originalImplementation, sendSms: async function ({ //codeLifetime, // amount of time the code is alive for (in MS) phoneNumber, //urlWithLinkCode, // magic link userInputCode, // OTP }) { // TODO: create and send SMS sdk.auth("APIKEY"); // const template = 
Hello this is your OTP ${userInputCode} and link ${urlWithLinkCode}
console.log(phoneNumber); sdk.sendSms({ // template_id: 'EntertemplateID', mobiles: phoneNumber, }) .then((data:any ) => console.log(data)) .catch((err:any) => console.log(err)); } }; } }, contactMethod: "PHONE", flowType: "USER_INPUT_CODE" }), Session.init(), Dashboard.init(), ],
it says sendSms is not a valid operator for this API
operation on this API
r
can i see the error stack?
v
just a sec
Error: Sorry, 
sendSms
does not appear to be a valid operation on this API. at Proxy. (/Users/fllap0588_ankurvazirani/Desktop/auth/passwordless/my-app/backend/node_modules/api/dist/index.js:180:47) at step (/Users/fllap0588_ankurvazirani/Desktop/auth/passwordless/my-app/backend/node_modules/api/dist/index.js:33:23) at Object.next (/Users/fllap0588_ankurvazirani/Desktop/auth/passwordless/my-app/backend/node_modules/api/dist/index.js:14:53) at fulfilled (/Users/fllap0588_ankurvazirani/Desktop/auth/passwordless/my-app/backend/node_modules/api/dist/index.js:5:58) at processTicksAndRejections (node:internal/process/task_queues:95:5)
import Passwordless from "supertokens-node/recipe/passwordless"; import Session from "supertokens-node/recipe/session"; import { TypeInput } from "supertokens-node/types"; import Dashboard from "supertokens-node/recipe/dashboard"; const sdk = require("api")("@msg91api/v5.0#6n91xmlhu4pcnz");
these were my import statements
r
i don't think this is from our SDK.
v
yeah missed it
sorry its from msg91
Hey I am having a frontend post signup issue. Can you help me out ? I am unable to call the onHandleEvent function recipeList: [ Passwordless.init({ contactMethod: "EMAIL_OR_PHONE", onHandleEvent: async (context: any) => { console.log(context); // let {id, email, phoneNumber} = context.user; console.log(context.user); if (context.action === "SUCCESS") { if (context.action === "SESSION_ALREADY_EXISTS") { // TODO: console.log('SESSION ', context.action); } else if (context.action === "PASSWORDLESS_RESTART_FLOW") { // TODO: console.log(context.action); } else if (context.action === "PASSWORDLESS_CODE_SENT") { // TODO: console.log(context.action); } else { if (context.isNewUser) { // TODO: Sign up console.log(context.action); console.log(context.isNewUser); // await UserMetadata.updateUserMetadata('1', { role: "user" }); } else { // TODO: Sign in console.log('SIGN IN '); console.log(context.action); } } } }, }), Session.init(), ]
r
are you using custom UI or our pre built UI?
v
prebuilt
r
does the 
console.log(context);
get logged out?
v
nope
r
which login method are you using to sign up?
v
passwordless
r
are you manually calling the consumeCode function from our frontend sdk?
v
nope
I have just added onHandleEvent
r
hmm. This is odd. Im tagging @porcellus who can help out here.
he may be able to help in the coming 2-3 days
v
Can't we just add metada on postSignup on backendSDK
r
you can. Yea
v
metadata *
r
it's there in our docs
overriding the consumeCode API
v
can you point me to it
r
v
Thanks let me give it a try
hmm just a question is supertokens planning to add authorization layer as well ?
r
we have RBAC already
v
import UserRoles from "supertokens-node/recipe/userroles"; // creating the admin role and adding permissions to it. await UserRoles.createNewRoleOrAddPermissions("admin", ["read:all", "delete:all", "edit:all"]) // creating the regular-user role and adding permissions to it. await UserRoles.createNewRoleOrAddPermissions("regular-user", ["read:all", "delete:self", "edit:self"])
how would you suggest to add API level RBAC in this
Looking at CASBIN for an alternative solution
r
please see our docs for this 🙂
it's all in there.
p
hi. This seems to be working as expected to me. If you need help with this could you add any other details that could help me reproduce this?
v
Hey I need some help with supertokens. I have installed it locally on my MAC and when I hit localhost:3567/hello it works perfectly but when I hit it with my backend then it throws an error saying supertokens-core not found export function getApiDomain() { const apiPort = process.env.REACT_APP_API_PORT || 4001; const apiUrl = process.env.REACT_APP_API_URL || `http://localhost:${apiPort}`; return apiUrl; } export function getWebsiteDomain() { const websitePort = process.env.REACT_APP_WEBSITE_PORT || 3000; const websiteUrl = process.env.REACT_APP_WEBSITE_URL || `http://localhost:${websitePort}`; return websiteUrl; } export const SuperTokensConfig: TypeInput = { supertokens: { connectionURI: "http://localhost:3567", apiKey: "someKey", }, appInfo: { appName: "Auth Middleware Express", apiDomain: getApiDomain(), // ELB address websiteDomain: getWebsiteDomain(), // Frontend ADDRESS IS MANDATORY DURING PROD }, recipeList: [ Passwordless.init({ contactMethod: "PHONE", flowType: "USER_INPUT_CODE" }), Session.init({ // cookieSecure: true, // over https since we are on local we can't switch this to true }), Dashboard.init(), UserMetadata.init(), ],
and I am using prebuilt UI
r
are you using docker?
v
hmm no I was using the core
r
for the node process, are you using docker?
v
no
r
then it's probably an issue with the firewall on your machine
v
Hey I have deployed my frontend on S3 and backend on ECS, but for some reason I am facing CORS issue can you help me resolve the following issue CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
should I disable app.use( cors({ origin: getWebsiteDomain(), allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()], methods: ["GET", "PUT", "POST", "DELETE"], credentials: true, }) ); part from the backend
r
which API are you calling?
v
/auth/signup/code
using supertokens 6.0
r
have you added the cors middleware before or after the supertokens middleware?
v
nope
nothing
do you want me to share my backend file
r
not really
you just have to add the cors middleware befroe the supertokens middleware
see one of our example app;s
v
I am using your example app
both on frontend and backend
r
our example apps do work for surew
maybe you made some changes
anyway, i can't really help since you aren't ansering my question directly.
v
import express from "express"; import supertokens from "supertokens-node"; import cors from "cors"; import { middleware, errorHandler } from "supertokens-node/framework/express"; import { getWebsiteDomain, SuperTokensConfig } from "./config"; import { authRouter } from "./routes/auth"; import {internalIPRouter} from './routes/internalIP'; import {authorisationUserRule} from './routes/authorisationUserRulesController'; const app = express(); // Initialize Supertokens with the provided configuration supertokens.init(SuperTokensConfig); // Set up Cross-Origin Resource Sharing (CORS) middleware console.log('WEB DOMAIN : ',getWebsiteDomain()); app.use( cors({ origin: getWebsiteDomain(), allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()], methods: ["GET", "PUT", "POST", "DELETE"], credentials: true, }) ); app.use(express.json()); // Supertokens middleware for handling sessions and related functionality app.use(middleware()); app.get('/', (req, res) => { res.status(200).send("HEALTH CHECK OK") }) app.use("/auth", authRouter); // app.use("/session", sessionRouter); // app.use("/getUserMetadata", userMetadataRouter); app.use("/internalIPAuth", internalIPRouter); app.use("/authorisationUserRule", authorisationUserRule); // Error handling middleware for Supertokens app.use(errorHandler()); app.listen(4001, () => console.log(
API Server listening on port 4001
));
here is the file
r
Seems about fine
cors errors are out of scope of supertokens
please try to google them
v
yeah I am just not sure whats going wrong
thanks for your help
Hey I have deployed my application. I just wanted to ask you can we deploy multiple frontends to contact with one backend ? Both frontend URLs will be different.
r
You can - can you descirbe the exact use case here?
v
yeah so we are using multiple recipies on backend which includes Passwordless for one platform, and Email & Password for the other platform. So backend remains consistent. We need to specify our website domain in the backend and frontend according to the examples in the website
so I was not sure on how to tackle this situation
r
are the frontend domains on different sub domains or entirely different domains? Also, will the backend apiDOmain value be same for both the websites?
it would be great if you can give the actual domains for the websites and the backend, so i can tell u exactly what you need to do
v
Hey sorry for delayed response we are on same doamin and different subdomain. I just have one additional question, in supertokens version 14 I am able to generate email verification tokens but I am unable to generate a link. So how does the process work and I don't want to upgrade it to supertokens 15 since I would need to go and change all my existing APIs
r
u can form your own link from the token
just add the token as a query param to the link manually
see the existing link structure and pattern match
v
ohh okay cool
thanks
was just little confused on creating link part. Thanks for all your help we are finally running passwordless recipie on dev env and planning to integrate thirdparty as well
5 Views
PreviousNext
Powered by