Hey! Question about hashing - does SuperTokens support storing email address as hash only? I saw the...

callstack1

02/15/2023, 2:28 AM

Hey! Question about hashing - does SuperTokens support storing email address as hash only? I saw the docs about hashing passwords, but not sure if this can be used for email addresses as well. We already implemented passwordless login w/ magic link in our Flask app, but we are looking into only storing hashed email addresses in our db

rp_st

02/15/2023, 5:33 AM

hey @callstack1 this is possible. You want to override the all the passwordless recipe functions on the backend (not APIs) to hash the input email before using the original implementation. That being said, this may cause issues for resending the magic link. But if you don't hash the email in createCode, then this should be fine (essentially, you only want to has the email in consumeCode and getUserByEmail functions)

callstack1

02/15/2023, 5:24 PM

I see - so basically copy the passwordless recipe functions into our backend code and manually add the hashing functionality?

rp_st

02/15/2023, 5:24 PM

You don’t need to copy anything through

rp_st

02/15/2023, 5:24 PM

Though*

rp_st

02/15/2023, 5:25 PM

You can use our override feature to hash the email before calling the original implementation

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).