SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Are there any timelines for multi tenant support? I know multiple sub domains are supported but over there basically the same session cuts across.

so you want to limit a session based on sub domain?

<@498057949541826571> yes. We need to customise the session data/jwt based on sub domain.

Refresh tokens being set on a different api domain is fine. But the actual refreshing of tokens and session creation should take sub domain in consideration.

We’ve implemented the custom flow over here to achieve this. But during our testing. It’s has bugs. Basically it’s patchy

An official implementation will definitely solve lot of issues

right yea. that's possible if you change the access token payload of the session to include the allow sub domains and check that during session verification.