SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Is blocking/banning an user something that might be added to the SuperTokens core? I know we could implement it ourselves today by extending the functionality. Some security certificates seem to require this.

hey <@213404165098045440> could you open an issue about this on our github? We will add it to our roadmap.

Which security certs require this btw?

> Question "IAM - 12.11" in https://cloudsecurityalliance.org/artifacts/consensus-assessments-initiative-questionnaire-v3-1/
This is required by one of our customers

ok thanks! Please open an issue about it. We will implement it soon enough

until then, as you said, you can override the sign in and session refresh API to implement this

and you can store info about if a user is blocked or not in the user metadata recipe. So it makes it easier for you

https://github.com/supertokens/supertokens-core/issues/521