
mamousavi

07/17/2022, 3:55 PM
Hey. I really like this library especially the passwordless recipe. One thing that doesn't quite make sense to me is that most auth solutions are implemented as a standalone API service which the frontend can directly talk to, but with ST you have to implement the endpoints using the backend sdk which is perfectly fine but that essentially renders the core useless. In theory you can just integrate all of the functionalities of the core directly into the backend sdk and completely get rid of an additional service.

rp

07/17/2022, 3:57 PM
Hey @mamousavi the endpoints are exposed via the backend SDKs as well. If you add the SuperTokens middleware to your app that we provide, it will expose those APIs for the frontend. Those APIs in turn talk to the core for operations that require a db. That being said, you can override all the functions of the recipe to talk to your own db if you want, and then you don't need the core - but as you would expect, this is quite a lot of work.

mamousavi

07/17/2022, 4:03 PM
Thx. I was aware of the middleware and when I said implement I meant expose. As for the second point, are there any examples/reference that I can look into? Honestly I'd rather do some extra work than pay for additional db and service hosting.

rp

07/17/2022, 4:05 PM
> when I said implement i meant expose.

What do you mean by expose? The middleware does that too. You can call those APIs from the frontend.

> As for the second point, are there any examples/reference that i can look into?

Well, no specific examples of this, but you can check out https://supertokens.com/docs/passwordless/advanced-customizations/backend-functions-override/about

> Honestly I'd rather do some extra work than pay for additional db and service.

You can connect the core to your own db as well.

Naf

07/17/2022, 4:05 PM
depending on your hosting situation, you could just add another schema to your current DB and hook supertokens into that schema, instead of its own DB

mamousavi

07/17/2022, 4:21 PM
I checked it out but it seemed to me that the core is not only responsible for talking to the db, but some other functionalities like generating OTP/magic link are also done by the core. As you said that'd be way too much work.

rp

07/17/2022, 4:21 PM
yes correct.

wdjzr

07/19/2022, 3:17 PM
I am self-hosting the core on the same machine with my backend and I use the same database for the core and my backend, all in a 5$/mo vps. Didn't come across any performance issues yet.

mamousavi

07/19/2022, 6:43 PM
I can imagine. I'm deploying containers on a PaaS though.
Here's a suggestion: I think it's possible to rewrite all of the functionalities of the core as Postgres SQL functions that run directly in the database and eliminate the need for an additional service. Of course this would tie the SDK to Postgres but it isn't really a problem. Users still have full custody over their data.

rp

07/30/2022, 9:36 AM
Hmmmm. But then the different backend SDKs would have to all repeat the queries. And we do want to support other dbs as well. Even mongodb in the future.
If you really want to eliminate the core for your specific use case, you can override all the recipe functions that talk to the core with your own logic that talks to your db.

mamousavi

07/30/2022, 10:53 AM
> But then the different backend SDKs would have to all repeat the queries.

They wouldn't. Queries are written as a SQL function once and different SDKs can just call them. https://www.postgresql.org/docs/current/sql-createfunction.html

> And we do want to support other dbs as well.

That's the tradeoff. Postgres is a real beast though, Supabase has literally built a company with it.

> you can override all the recipe functions that talk to the core with your own logic that talks to your db.

That's possible for simple email password, but much harder for passwordless. I switched to GoTrue for now, but I really like this library since it lives almost entirely in your backend and needs no webhooks; although the core is a real pain in the * 😆.

rp

07/30/2022, 10:56 AM
Well, even with gotrue, you have to run a service, similar to how you run the core? And if you are using managed service of supabase, we also provide a managed service which runs the code for you
So is the actual issue that we use Java vs gotrue using golang?
Also talking about webhooks, why don’t you like them?

mamousavi

07/30/2022, 10:59 AM
I've mentioned this before, gotrue is a standalone API service that the frontend can directly talk to. It's just that the current ST architecture doesn't make sense to me.

rp

07/30/2022, 11:00 AM
Hmm. Alright! Thanks for the feedback.
What are your thoughts on webhooks?
Why do you prefer “whole lib living in the backend” vs making webhook API?
Cause the webhooks also live on your backend

mamousavi

07/30/2022, 11:02 AM
It's simpler. No need to create an endpoint.

rp

07/30/2022, 11:02 AM
And what are some issues with creating endpoints? Any specific reason or just extra cognitive load?

mamousavi

07/30/2022, 11:04 AM
For me simplicity rules. But also my serverless platform bills by the request count. 😆

rp

07/30/2022, 11:05 AM
Hmm I see. But the relative cost of the number of webhook calls from auth server vs calls from your app’s frontend is very very low right?

mamousavi

07/30/2022, 11:05 AM
Of course.

rp

07/30/2022, 11:06 AM
So it’s just simplicity then? Just not needing to create and manage extra APIs

mamousavi

07/30/2022, 11:07 AM
That's the main point.

rp

07/30/2022, 11:07 AM
Gotcha

mamousavi

07/30/2022, 11:09 AM
Thanks for the amazing support. Keep up the great work. 😉

rp

07/30/2022, 11:09 AM
Thanks!