https://supertokens.com/ logo
Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Powered by
Title
g

goodgravy

03/10/2023, 3:51 PM
Hey all, is there a recommendation for how best to handle using SuperTokens in a setting where the domain name(s) are unpredictable? My use case is we have ephemeral preview apps created for each pull request, each on a different domain name. I was hoping I could pass an empty string for 
websiteDomain
and 
apiDomain
to indicate using the current host – something like that. We get an "Error: Please provide a valid domain name" message when doing this, however. It's possible for us to pass through the current domain name all the way from our CI, but it's a bit fiddly – wondering if there's a better way.
r

rp

03/10/2023, 10:15 PM
Hey @goodgravy
We are working on making this more flexible, but until then, you can pass in some random websiteDomain and set the cookieSameSite setting in session.init to the right value manually.
You can also override the sendEmail functions to change the random domain name in the password reset / email verification links to what’s present in the request’s origin
g

goodgravy

03/12/2023, 2:21 PM
@rp could you explain this workaround some more? If I use e.g. http://example.com for the websiteDomain, I'm redirected there use 
redirectToAuth
. It seems the backend and the frontend – anywhere there's appInfo usage going on – is going to need to explicitly specify the current domain, no?
(Part of the issue here is that we like to use the same docker images between pre-prod and prod, so baking domain names into them is problematic – which is what the Next.js build process does when you access process.env)
r

rp

03/12/2023, 2:52 PM
So on the frontend, you can use location.origin as the websiteDomain value
Is there some sort of regex / conman parts to the website and api domains for previewing and production?
g

goodgravy

03/12/2023, 10:09 PM
Yes, there are predictable elements in the various domains. I was expecting from the behaviour of redirectToAuth, however, that I'd need to know the exactly correct domain for SuperTokens to work, though? Seems I'm missing something…
r

rp

03/13/2023, 6:07 AM
well, on the frontend, you can use location.origin as the websiteDomain. On the backend, you can set it to any valid domain and override the sendEmail functions (see email delivery section in our docs) to change the domain in the links based on the request's origin. I know i have said this previously, but this is as clear as i can get without knowing much about your setup.
#support-questionsJoin Discord
Powered by