supertokens-core

by supertokens

14.2Kstars

577forks

66watchers

Updated 10 months ago

About

SuperTokens is an open-source, self-hosted authentication framework providing secure login, session management, and user identity features as an alternative to Auth0 and similar services.

Open source alternative to Auth0 / Firebase Auth / AWS Cognito

Primary Use Case

SuperTokens is designed for developers and organizations seeking a customizable, secure, and privacy-focused authentication system that can be self-hosted to retain full control over user data. It simplifies adding authentication, session management, and multi-factor authentication to web and mobile applications without the complexity of OAuth protocols.

Key Features

Passwordless Login
Social Login
Email Password Login
Phone Password Login
Session Management
Multi-Factor Authentication
Multi Tenancy / Organization Support (Enterprise SSO)
User Roles

Installation

Refer to the documentation at https://supertokens.com/docs/guides for SDK installation for your preferred language or framework.
Deploy SuperTokens Core as an HTTP service to handle core authentication logic and database operations.
Integrate Backend SDK to provide APIs for sign-up, sign-in, sign-out, and session refresh.
Use Frontend SDK to manage session tokens and render login UI widgets.
Optionally, use Docker images available for easy deployment (e.g., docker pull supertokens/supertokens-postgresql).
Configure your database to store user and session data as required.

Usage

>_ docker pull supertokens/supertokens-postgresql

Pulls the official SuperTokens Docker image with PostgreSQL support for easy deployment.

>_ Use Frontend SDK methods to render login UI and manage session tokens

Manages user sessions and login UI on the client side.

>_ Use Backend SDK APIs for sign-up, sign-in, sign-out, and session refresh

Handles authentication workflows and session management on the server side.

Security Frameworks

Initial Access

Persistence

Defense Evasion

Credential Access

Impact

Usage Insights

Integrate SuperTokens with existing SIEM tools to enhance detection of anomalous authentication attempts.
Leverage the multi-tenancy and user roles features to simulate insider threat scenarios during purple team exercises.
Use the passwordless and multi-factor authentication capabilities to reduce attack surface against credential theft.
Deploy SuperTokens in microservice environments to centralize authentication and improve security posture.
Customize session management policies to enforce strict session expiration and reduce risk of session hijacking.

Docs Take 2 Hours. AI Takes 10 Seconds.

Ask anything about supertokens-core. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.

3 free chats per tool • Instant responses • No credit card

Security Profile

Red Team30%

Blue Team90%

Purple Team70%

Details

LicenseOther

LanguageJava

Open Issues525

Topics

authentication

session-management