SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hi,
Do I need to add user metadata by hand to the access token as custom claim?

ok thanks.
Is it somehow "bad" practice to use user metadata to store invitation pins?
I update_user_metadata(pin, some dict) to store it. I checked the database layout and it should be ok. Also I store "real" user metadata after signup.

I somehow want to avoid to need a connection to our project database, because If i can handle anything auth related using supertokens and I can create a service to check the JWT using JWKS and add the custom claims to the request header. Then I should have a loose coupling because the application just uses the header.

I guess this should work right?

I try to replace firebase with supertokens

> Is it somehow "bad" practice to use user metadata to store invitation pins?
It's not an issue if you only want to fetch invitation pins based on userIds - since metadata fields are not searchable.