SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Is there a reason invalid otp responses are 200?

See this please https://discord.com/channels/603466164219281420/992074366403751956/992075086267953252

Understood the rationale, thanks, not really a big issue to accommodate this, choosing status codes are always contentious and a lot of time is spent discussing it. I only want Supertokens to not have any breaking changes on the api and status codes.