SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hey. Sorry for asking so much questions, all seems fine so I hope It is going to be last one 😅 
I am trying to enable JWT authentication. I enabled jwt on sever-side like that:

```
recipeList: [
    jwt.init(),
    ThirdPartyEmailPassword.init({
      providers: [
        Github({
          clientId: envs.OAUTH_GITHUB_CLIENT_ID,
          clientSecret: envs.OAUTH_GITHUB_CLIENT_SECRET
        }),
      ]
    }),
    Session.init({
      jwt: {
        enable: true,
      },
      getTokenTransferMethod: () => 'header'
    }),
```

However, token saved after "sign in with github" under the key "st-access-token"
seems to be invalid

```eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0=.eyJzZXNzaW9uSGFuZGxlIjoiNmM5MGRjMDAtYjg5YS00NjE4LWJhNDYtNWQ3Y2I3ZWE3OTZkIiwidXNlcklkIjoiOTdlYWUwMWUtNzViMC00M2E1LTlhYmEtZWIxNjY1MGJlNTdhIiwicmVmcmVzaFRva2VuSGFzaDEiOiJlYzRkMjM2ZWJlYjZlMDA3YzYxMjA3MTZlMzhhMzkxNjBmM2E5ZDYxMjdiMzk5MmY2OTI0M2Q3ZjQxMDBkNDk2IiwicGFyZW50UmVmcmVzaFRva2VuSGFzaDEiOm51bGwsInVzZXJEYXRhIjp7Imp3dCI6ImV5SnJhV1FpT2lJeFl6STVaams1T1Mxa01HUmpMVFJqTkdVdFlqRTFaaTB6TlRZeU5qYzRNVFptWlRZaUxDSjBlWEFpT2lKS1YxUWlMQ0poYkdjaU9pSlNVekkxTmlKOS5leUp6ZFdJaU9pSTVOMlZoWlRBeFpTMDNOV0l3TFRRellUVXRPV0ZpWVMxbFlqRTJOalV3WW1VMU4yRWlMQ0pwYzNNaU9pSm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qUXdNREF2WVhCcEwyRjFkR2dpTENKbGVIQWlPakUyTnpjeE56WXhOREFzSW1saGRDSTZNVFkzTnpFM01qVXdPWDAuVGZxbEtVaUI5cWxBSDU0aENpYW5BVGlxM2lLV09JYjVtdi1TckU3dHJVRzNuQUNxWDg1V2FXR2hENDBEUnlWb2hmTzdNXzhSRGxYUFRXMWZwcnNlRS1YemJXZmhpUlZ1dmc3WTk3UlpwZEdYbFFDRFp6VXlvSmVyZnZEVVJrVkZrbnVDT1ppUDVwUmlCeFBiYUpNVWVqNElYaEtwRVpnZnRmY3hvcUxTN3Z3RVlfZ1hrUUZpWTlVSUpsMGVBV2ZvcXBEVnpwS0dRWDByQnRfSk9oMnlxZTlDYUk4ZFRsU2phdEZLTXpjX01ROVRSRFdQYnNrbHNuOXRHbEh5bWp6dEZHbEMxOUhnUWtlR0dJczVyNkNXRXJRZ2hxcUd4M2tPTlZUbWxSbGFXcGlPOEx3QUFmbkd4VDhGLVFFWWpiTlFyS1g2VFkxU0dhYldKWWxQTUFsbGJBIiwiX2p3dFBOYW1lIjoiand0In0sImFudGlDc3JmVG9rZW4iOm51bGwsImV4cGlyeVRpbWUiOjE2NzcxNzYxMDkwNTcsInRpbWVDcmVhdGVkIjoxNjc3MTcyNTA5MDU3LCJsbXJ0IjoxNjc3MTcyNTA5MDU3fQ==.SJP9HmDXLDnl8HrnQveldwVlCYNblZCcL2XF5BBom5DLhR0FlceG/g9jT9f0XCXsrazBolaWvhyJ5NIBk5THz6q81gmN9yS6vjz1iEdLi1fLcfGlukr0bUeImhCE+jH9SbigNnk+SQCvv9VYnUXFf8iizX2cybgx8f7z+Y5vWWAjDp6tyEjal4ngrlxg6BmEFHZXdB8mX2f+0aPfEoBUKBds4VvgjXgYx0YohRryM6rFXFZ+zxS0cVMj3FWLeFLCHrxt5Ch2bRPx41itFUNUlBvo56TPH/gasUVv35Gk2KCX1RTWlQ1Pcmch72gDQ+dtn1if8jZ/Zepm+mfUQKWsuA==```

JWT is invalid so I'm getting error: 
```JsonWebTokenError: invalid token```

Ok I've found additional docs:
https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/with-jwt/read-jwt

I was looking everywhere else probably 😅

but still, `st-access-token` should be a JWT, right? It seems not to be in my case

It’s not a JWT, but it is a stateless cookie. We had intentionally made it this way cause people were using the st-access-token for third party service auth as well, which it’s not meant for.

But then we got feedback really quickly (similar to yours) that that was not a good idea. So we are working on making it a JWT as well.

Oh ok, thank you for answer!

So basically in current way you propose to authenticate, and after it to fetch JWT token and use this token to authenticate third party service?