
Alen

10/20/2022, 6:12 AM
Hi, I want to send a magic link in the mail using a different website domain. So is there any way in the backend to fetch any website domain and send the magic link using that particular domain? And is there also any way to send additional values from the frontend to the backend middleware APIs?

nkshah2

10/20/2022, 6:15 AM
Hi @Alen , Just so I understand correctly, you want to dynamically change the domain of the magic link (based on where the request is coming in I assume?) and also want to send extra params for the APIs that SuperTokens calls internally

Alen

10/20/2022, 6:17 AM
Yes you are right.

nkshah2

10/20/2022, 6:17 AM
What SDKs are you using on the frontend and backend?

Alen

10/20/2022, 6:18 AM
Frontend Javascript , Backend Node JS and recipelist - Passwordless

nkshah2

10/20/2022, 6:18 AM
supertokens-web-js?

Alen

10/20/2022, 6:18 AM
yeah
Also sending mail from multiple custom domains possible ?

nkshah2

10/20/2022, 6:24 AM
Right so on the frontend when you call the functions exposed by the recipes (`Passwordless.createCode` for example) you can use the `preApiHook` feature to pass additional params. It would look similar to this:
```ts
Passwordless.createCode({
  email: "", // or phone
  options: {
    preAPIHook: async (input) => {
      // Modify input.requestInit
      return {
        url: input.url,
        requestInit: input.requestInit
      };
    },
  },
})
```
This way you can customise the payload, url etc of the network request.
On the backend you can use our api override feature to consume the additional params: https://supertokens.com/docs/passwordless/advanced-customizations/apis-override/usage. You can also use the user context feature (https://supertokens.com/docs/passwordless/advanced-customizations/user-context) to pass custom information to future function calls. For example you could send your website domain as a custom request param to the API, then use userContext to get access to that domain in the email delivery functions (https://supertokens.com/docs/passwordless/email-delivery/about) that let you modify the content of the email however you like.
If you just want to modify the link and not the rest of the content, you can use the same flow as above but refer to this page: https://supertokens.com/docs/passwordless/common-customizations/change-magic-link-url for the email modification.

Alen

10/20/2022, 6:49 AM
Thanks a lot, I will try this out.

nkshah2

10/20/2022, 6:49 AM
Happy to help

rp

10/20/2022, 7:16 AM
Hey. A simpler method would be to just read the userContext object in the sendEmail override and from there, access the request object using userContext._default.req. And from there, you can read the origin
See this link about the default object in userContext https://supertokens.com/docs/passwordless/advanced-customizations/user-context

Alen

10/20/2022, 7:17 AM
Thanks for your suggestion. I will try this.
Hi, I'm using a custom way to send an email. So according to this, how should I read user context so that I get the origin?
```ts
emailDelivery: {
    override: (originalImplementation) => {
        return {
            ...originalImplementation,
            sendEmail: async function ({
                codeLifetime, // amount of time the code is alive for (in MS)
                email,
                urlWithLinkCode, // magic link
                userInputCode, // OTP
            }) {},
        };
    },
},
```

rp

10/20/2022, 8:15 AM
One of the inputs to sendEmail function has userContext
See the function signature from your code editor

Alen

10/20/2022, 9:19 AM
Sure thanks
Hi, I'm using server side rendering in my angular application. On building and while serving the application I'm getting this error
Error: Please provide a valid sessionScope
Could you please help me with this issue.

rp

10/20/2022, 10:23 AM
You should call supertokens.init on the frontend only if `typeof window !== "undefined"`

Alen

10/20/2022, 10:33 AM
If I have used Session anywhere else in the code, e.g. `await Session.getUserId()`, should this also be run in the frontend only?

rp

10/20/2022, 11:08 AM
Yea. Depends on which SDK you are using. If the frontend SDK, then yea, frontend only

Alen

10/21/2022, 3:04 AM
Thanks. Is there any way to identify whether the session has expired or not apart from the doesSessionExist() method.

rp

10/21/2022, 3:15 AM
When you make an API call, it will result in a 401.
There is also an event that’s fired which you can listen to. See https://supertokens.com/docs/session/advanced-customizations/frontend-hooks/handle-event

Alen

10/21/2022, 9:04 AM
Thanks a lot.
Will supertokens API's work for safari browser too?

rp

10/21/2022, 9:05 AM
Yea. As long as the websiteDomain and apiDomain share the same top level domain

Alen

10/21/2022, 9:05 AM
Ok thanks.
Is this only for safari or all other browsers as well ?

rp

10/21/2022, 9:06 AM
only safari

Alen

10/21/2022, 9:07 AM
Got it. Will you be providing any updates for safari in future so that it supports other domains as well ?

rp

10/21/2022, 9:08 AM
yes. We will roll out header based sessions as well

Alen

10/21/2022, 9:08 AM
Thanks a lot.
Hi, I was trying with the Safari browser. My other API calls are being blocked and I'm getting this error. Once I comment out the Supertokens.init it will work normally. Do you guys have any solution for this?

rp

10/21/2022, 9:48 AM
does it give this error in other browsers as well?

Alen

10/21/2022, 9:48 AM
Not for other browsers

rp

10/21/2022, 9:48 AM
let me check

Alen

10/21/2022, 9:48 AM
Only for Safari
And my other API calls are not being triggered

rp

10/21/2022, 9:49 AM
what do you mean by that?

Alen

10/21/2022, 9:50 AM
My website has several other API's which are not part of Supertokens. When I have supertoken.init function inside my codebase, it gives this error and my other backend functions are not being called. When I comment out the supertokens.init it works normally

rp

10/21/2022, 9:51 AM
so the other APIs aren't called at all when you call them from the frontend?

Alen

10/21/2022, 9:51 AM
yeah

rp

10/21/2022, 9:52 AM
i see. Can you please open an issue about this? We will fix it ASAP

Alen

10/21/2022, 9:52 AM
it shows the above error
Sure where should I create this issue ?

rp

10/21/2022, 9:52 AM
the above error doesn't actually cause any problems. But we will check it out nonetheless
you can make an issue on supertokens-website repo

Alen

10/21/2022, 9:53 AM
Ok Got it

rp

10/21/2022, 9:53 AM
can we get on a quick call as well so i can see what's happening please?

Alen

10/21/2022, 9:53 AM
I will add you to a call with my team mate
We can discuss the issue

rp

10/21/2022, 9:54 AM
alright!
when do you want to have it?

Alen

10/21/2022, 9:54 AM
now is it possible ?

rp

10/21/2022, 9:54 AM
yea sure
I'll send a link

Alen

10/21/2022, 9:54 AM
sure thanks

Alen

10/21/2022, 10:34 AM
Hi, I have opened an issue. Please do let me know once you have fixed it. At least if other APIs can work it would be nice.

rp

10/21/2022, 10:39 AM
Yea. We will fix it ASAP.

Alen

10/21/2022, 10:46 AM
Thanks
Sorry to disturb, just wanted to know if you could provide me any date before which we could see the fix. I wanted to inform my team members about timeline.

rp

10/21/2022, 10:53 AM
well, 3-4 days
we are trying to see what the issue is now
if we figure it out now, then we can release a fix today
but if not, then it may take 3-4 days

Alen

10/21/2022, 10:54 AM
Sure thanks a lot. Let me know if you need any other information. Available on Discord as well.

rp

10/21/2022, 10:54 AM
thanks
hey @Alen . We have released the fix. Please see my comment here: https://github.com/supertokens/supertokens-website/issues/168#issuecomment-1289376778

Alen

10/25/2022, 3:50 AM
Hi @rp, thanks a lot. I will try this out and let you know if the error persists.
Also I was facing one more issue: while doing `await Session.signout()` it's not clearing the cookies properly. Due to which, when I check if Session exists or not, it returns true and takes me to dashboard.
Do I have to do something else apart from Session.signout to clear the cookies?

rp

10/25/2022, 4:05 AM
Nothing else should be required. Try updating the SDK and seeing if it fixes that issue or not

Alen

10/25/2022, 4:05 AM
I have tried out the fix which you guys gave. It's not throwing the error. Thanks a lot.

rp

10/25/2022, 4:05 AM
Great

Alen

10/25/2022, 4:06 AM
sure I will try it.
I tried signing out. For both Safari browser and incognito mode Sign out doesn't work for me. Still the cookies are present.

rp

10/25/2022, 11:46 AM
Hmm I see. Can you send me the request and response headers of the sign out api call?

Alen

10/25/2022, 11:48 AM
So I'm directly calling it using `await Session.signout()` function from frontend.
In this way only we have to signout right ?

rp

10/25/2022, 11:49 AM
You can call the api yourself too
But calling the function should work
What’s the api call being made?

Alen

10/25/2022, 11:51 AM
/auth/signout

rp

10/25/2022, 11:52 AM
Yes
When you call the function, does it not make an API call?

Alen

10/25/2022, 11:54 AM
The API is being made, getting a success message. But cookies still present.

rp

10/25/2022, 11:55 AM
So the request doesn’t have any cookies attached to them

Alen

10/25/2022, 11:55 AM
So this in safari

rp

10/25/2022, 11:56 AM
Do the cookies get sent for regular api calls?

Alen

10/25/2022, 11:58 AM
regular API calls means supertoken's middleware or our own API ?

rp

10/25/2022, 11:58 AM
Supertokens middleware. For example the refresh api call
And also, what are the set-cookies response header in the login api?

Alen

10/25/2022, 12:01 PM
No cookies being attached in signinup/code API

rp

10/25/2022, 12:03 PM
so that API just generates a code
see the API call for the one that consumes the code

Alen

10/25/2022, 12:03 PM
yeah correct
Ok
Its sending the cookies
Here we are getting the cookies right
But while signing out we aren't sending the cookies in Safari browser or incognito mode
you guys know any way to resolve this issue ?

nkshah2

10/25/2022, 12:17 PM
Can you share what configuration you use when calling SuperTokens.init on the frontend and backend?

Alen

10/25/2022, 12:17 PM
Ok just one mic
min*
Front end:
```ts
SuperTokens.init({
    appInfo: {
        apiDomain: Constants.SUPERTOKENS_SVC_URL,
        apiBasePath: "/auth",
        appName: "blocksurvey",
    },
    recipeList: [
        Session.init(),
        Passwordless.init()
    ],
});
```
Backend:
```ts
supertokens.init({
    framework: 'express',
    supertokens: {
        // These are the connection details of the app you created on supertokens.com
        connectionURI: config.supertokensConfig.connection_url,
        apiKey: config.supertokensConfig.api_key,
    },
    appInfo: {
        // learn more about this on https://supertokens.com/docs/session/appinfo
        appName: 'blocksurvey',
        apiDomain: apiDomain,
        websiteDomain: websiteDomain,
        apiBasePath: '/auth',
        websiteBasePath: '/signin',
    },
    recipeList: [
        Passwordless.init({
            flowType: 'USER_INPUT_CODE_AND_MAGIC_LINK',
            contactMethod: 'EMAIL',
            // remaining options were not included in the message
        }),
    ],
});
```
Are these details enough?

nkshah2

10/25/2022, 12:21 PM
What are the values for `Constants.SUPERTOKENS_SVC_URL` on the frontend and `websiteDomain` on the backend?

Alen

10/25/2022, 12:22 PM
Hi so you guys have any fix for this ?
Or am I doing something wrong ?

rp

10/25/2022, 12:29 PM
So the cookies are being set
im not sure why the browser is not sending the cookies in the sign out API
Is it working on chrome?

Alen

10/25/2022, 12:33 PM
yeah its working on chrome and other browsers apart from safari and incognito mode

rp

10/25/2022, 12:33 PM
i see.
I think the issue here is cross site requests
safari disables sending cookies in this case
whats ur website domain going to be in production?
a

Alen

10/25/2022, 12:34 PM
it will be varying , we have some clients with custom domain as well
how to forcefully clean the supertokens cookies then ?

rp

10/25/2022, 12:37 PM
well, you can't. Cause safari doesn't allow that cross domain. So the best thing you should do is to make the apiDomain a sub domain of the actual website domain
so if websiteDomain is going to be example.com, make the API domain api.example.com or something
and the api domain would reverse proxy to the onrender link you are using now

Alen

10/25/2022, 12:39 PM
Can we clear the cookies on our own forcefully? Will it create any issues ?

rp

10/25/2022, 12:39 PM
you can't. Safari just makes that impossible.
And also you need to have cookies sent over cause things like email verification won't work
You can either do that, or you can switch to non cookie based auth, which is possible, but would require a few customisations on your end. See this example app -> https://github.com/supertokens/supertokens-auth-react/tree/master/examples/with-localstorage
note that if you switch to non cookie based auth, it opens your app to vulnerabilities like token theft via XSS. So if I were you, I would just stick to cookie based auth and setup a reverse proxy sub domain for each of the frontends.
And a reverse proxy sub domain is as simple as adding a DNS record.

Alen

10/25/2022, 12:43 PM
Actually we have clients who will be using their own domains for hosting our services.
It will not be possible if we go with reverse proxy
So you are saying forceful clearing of cookies in Safari is not possible ?

rp

10/25/2022, 12:45 PM
correct. Safari is very strict about cross domain cookies
So then you should enable non cookie based auth
checkout the example app above.

Alen

10/25/2022, 12:47 PM
Ok thanks.

rp

10/25/2022, 12:54 PM
the example above uses axios / fetch and not httpclient. For httpclient, you will need to add an interceptor just like how axios interceptor is added in the above example: https://angular.io/guide/http#write-an-interceptor

Alen

10/25/2022, 12:59 PM
We are not going with non cookie method as you suggested it will be vulnerable.
Will you be providing any fix for this in future ?

rp

10/25/2022, 1:11 PM
well, there is no fix for this other than what i suggested:
- Setup a reverse proxy / CNAME for the api domain
- Or use non cookie based auth
it's just how Safari chooses to work

Alen

10/25/2022, 1:15 PM
Ok got it, thanks a lot.
Hi, I want to send a query param from frontend to backend and attach that query param with the magic link sent in the mail. Could you please suggest how I could achieve this?

rp

10/26/2022, 7:19 AM
When the create code API is called, you can use the pre API hook to add your own custom property to the request body
then in the backend, you override the sendEmail function in the email delivery config and in that, you can get the request object from the userContext._default property
then from the request object, you can read the custom property and add it to the magic link however you like.

Alen

10/26/2022, 7:21 AM
Any code reference you have for pre API hook?

rp

10/26/2022, 7:21 AM
you are using passwordless recipe right?

Alen

10/26/2022, 7:21 AM
Yeah

Alen

10/26/2022, 7:24 AM
Thanks
I don't use this npm package `"supertokens-auth-react/recipe/passwordless"`. Instead I use `supertokens-web-js/recipe/passwordless`. Will it create any issue?

rp

10/26/2022, 7:27 AM
ah right. In that case, the pre API function is available as an input to the function call itself

Alen

10/26/2022, 7:28 AM
sorry I didnt get it

rp

10/26/2022, 7:29 AM
So like this:
```ts
Passwordless.createCode({
    email: "...",
    options: {
        preAPIHook: async (context) => {
            // TODO: modify request body in context
            return context;
        }
    }
})
```

Alen

10/26/2022, 7:29 AM
where should I put this ?

rp

10/26/2022, 7:30 AM
i mean wherever you are calling the `createCode` function

Alen

10/26/2022, 7:30 AM
Ohh got it. Thanks.
In backend then how can I fetch this?

rp

10/26/2022, 7:33 AM
override the sendEmail function first, and then read it from the request object available in the userContext input to the sendEmail function

Alen

10/26/2022, 7:34 AM
Ok thanks
Hi @rp this is my sample magic link
http://localhost:4200/signin?rid=passwordless&preAuthSessionId=WvK4-jhGS2O1zIc13Ba7P1nhu-HuZ_BCLDQqC-djGTY=#yvtA3M0PM2sl3Qhi-3j2CYEZy1OXqE5uNFr3brzU5A4=&redirectTo=true
I have added an extra query param `redirectTo=true`. But while validating the url and consuming it, the backend is throwing an error:
```
Error: SuperTokens core threw an error for a POST request to path: '/recipe/signinup/code/consume' with status code: 400 and message: Input encoding error in linkCode

    at Querier.<anonymous> (C:\supertoken-function\node_modules\supertokens-node\lib\build\querier.js:252:31)
    at Generator.throw (<anonymous>)
    at rejected (C:\supertoken-function\node_modules\supertokens-node\lib\build\querier.js:22:44)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
```
How can I resolve this ?

rp

10/26/2022, 8:57 AM
That’s cause you are adding the query param to the fragment part of the url
The fragment part is the stuff followed by the “#” part in the url
You want to add the query param before that

Alen

10/26/2022, 8:58 AM
How can I add that ?
The link code is forming automatically right from your side
r

rp

10/26/2022, 8:59 AM
Yes. But you can deconstruct the url and add the query param and construct the url again
String manipulation
Or use a package which allows you to change query params from a url

Alen

10/26/2022, 8:59 AM
Ok got it
but if I put it above rid also its throwing same error
http://localhost:4200/signin?redirectTo=true&rid=passwordless&preAuthSessionId=WvK4-jhGS2O1zIc13Ba7P1nhu-HuZ_BCLDQqC-djGTY%3D#yvtA3M0PM2sl3Qhi-3j2CYEZy1OXqE5uNFr3brzU5A4&=
something like this

rp

10/26/2022, 9:01 AM
Yea this should work

Alen

10/26/2022, 9:02 AM
But this is not working
same error Im getting

rp

10/26/2022, 9:02 AM
Are you sure you are correctly changing the url? As in not messing up the stuff after the # tag

Alen

10/26/2022, 9:02 AM
No im not

rp

10/26/2022, 9:03 AM
Maybe console log the link before you change it and after you change it and see the difference
If it’s correct, then maybe open an issue about this on our GitHub and we will check it out

Alen

10/26/2022, 9:03 AM
Ok I will look into it and come back to you
Thanks

rp

10/26/2022, 9:04 AM
Thanks 🙂

Alen

11/24/2022, 8:04 AM
Hi, I was getting this error from backend while verifying session user Id :
```
{
    status: "failed",
    message: "Access token has expired. Please call the refresh API"
}
```
How can I refresh the access token ? and what expiration time do you recommend for access token ?
Also wanted to know whether we can use 2 3 recipes together ? and compared to passwordless and social auth recipes which one is more converting in numbers? Which one would you recommend?
Do you have some recipes related to Web 3 in your plan ?

rp

11/24/2022, 8:15 AM
Does that reply come from the core or from the backend SDK?