SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hello, 
I was checking the server logs, and I found 
Token theft detected. 
What does this mean and more importantly how it is triggered ? at what scenario you throw this error ?

Hey! This means that the session’s refresh token was used after it was already used once and it’s access token was used as well.

So it could happen if you are querying your APIs manually via postman or something and made a mistake somehow

Or well, the refresh token was actually used on a different browser (via manually copy / pasting it)