SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

I see you have JWT, but do not recommend it since you are not following the standard (why?) and cannot revoke it. Is there any plan to implement it? I know this can be worked through with a blacklist of tokens, but it brings a risk to the developers and maintainers. Or any other recommendations on how api access can be granted?

We are planning on making our access tokens a JWT as well. That should be our in 1-2 months

You can use our sessions right now as well without JWT and enable token blacklisting on the core side

you mean I can use the sessions with e.g. curl or third party scripts?

Well, you can, as long as attach the right cookies in the request. Basically stuff that our frontend SDK does.

well okay, thats not very developer friendly 😄

Yeaaaa. We are working on making it simpler. Should be out in 1-2 months