SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

I keep getting 

hook.js:608 The 'front-token' header is missing from a successful refresh-session response. The most likely causes are proxy settings (e.g.: 'front-token' missing from 'access-control-expose-headers' or a proxy stripping this header). Please investigate your API. 

although I have used the front-token on my server headers 

await fastify.register(cors, {
    origin: process.env.WEB_URL,
    allowedHeaders: ["Content-Type", ...supertokens.getAllCORSHeaders()],
    exposedHeaders: ["front-token"],
    methods: ["GET", "POST"],
    credentials: true,
  });
  fastify.addHook("preHandler", (request, reply, done) => {
    if (!request.headers["content-type"])
      request.headers["content-type"] = "application/json; charset=utf-8";
    reply.headers({ "content-type": "application/json; charset=utf-8" });
    done();
  });

Any suggestions from anyone? seems like the ST team is also nt able to figure it out at https://discord.com/channels/603466164219281420/1372897957044682792