SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hi there! I'm trying to integrate SuperTokens with my Python API but it looks like there are some incompatibilities with other libs (Django 4.0.3). Is the cookie spec documented somewhere so I can verify it myself without using the SDK?

Hey <@599052005088034844> we don't have the cookie spec documented anywhere as such. But you can checkout this function to see how the validation works: https://github.com/supertokens/supertokens-python/blob/master/supertokens_python/recipe/session/session_functions.py#L74

On the other hand, we can probably sort of the dependency issue if you show me the error.

Or rather create an issue about the dependency error on our github

Thanks, opened an issue: https://github.com/supertokens/supertokens-python/issues/207

More generally, I'd really encourage documenting the cookie spec. I'm fine with adopting a 3rd-party tool for auth on the frontend but I need to be confident that I can authenticate with any of my services even if you don't have an SDK for them.

When you say spec, you mean pseduo code for how to go about verifying the access token yourself manually. Right?

Yeah, that would be ideal. The base case is comparing to JWTs which are very well-documented, despite their security flaws.

Another issue: I'm trying to fetch the JWKS (https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/with-jwt/get-public-key#1-call-the-jwks-endpoint-for-supertokens-core) but get a 401 error. There's no explanation of what auth I need to provide.

You need to provide the api-key header for the core