SuperTokens Blog

April 14, 2022

How to deploy SuperTokens with React and NodeJS on Vercel

This tutorial wil guide you on how to add SuperTokens to a React and Express app deployed on Vercel

March 24, 2022

What is a JWT? Understanding JSON Web Tokens

Learn about JWTs, their pros & cons, and how they work.

March 23, 2022

OAuth vs JWT (JSON Web Tokens): An In-Depth Comparison

Learn about the difference between JWT Token and OAuth

March 14, 2022

Building a login screen with React and Bootstrap

Build an elegant login screen super fast using React and Bootstrap

March 02, 2022

How to hash, salt, and verify passwords in NodeJS, Python, Golang, and Java

How to hash and salt passwords in different languages and why it's important to do so

February 10, 2022

Revoking Access to JWT tokens with a Blacklist/Deny List

Learn how to maintain a JWT token blacklist / deny list using an in-memory data cache

February 09, 2022

How to Set up Social and Email Password Login With ReactJS in 10 Minutes

In this blog, we'll walk you through setting up an email-password authentication with popular social providers like Google, GitHub, and Apple using SuperTokens on a ReactJS application with ExpressJS as the backend.

January 26, 2022

Adding social login to your website with SuperTokens (custom UI only)

This blog walks you through integrating your frontend with social login APIs provided by SuperTokens.

December 13, 2021

How to customise SuperTokens APIs

Any auth solution must provide the ability to customise their APIs. In this blog we discuss how to customise the auth APIs provided by SuperTokens using its “Override” feature

November 11, 2021

Why is redux state immutable?

This blog covers an analysis of why redux state is immutable and how you should go about modifying state in your Redux applications

November 10, 2021

Solve the problem of vendor lock-in

What is vendor lock-in? How does it affect your customers? What are the different ways you can minimize it? Read the blog to learn more.

June 01, 2021

Implementing a forgot password flow (with pseudo code)

What should happen on the backend when a user forgets their password? Read to find a pseudo code implementation of the simplest way to reset passwords securely.

March 05, 2021

The real reason Okta spent $6.5B on Auth0

Why did Okta spend $6.5B on Auth0? What does this mean for app developers? See reactions from customers and employees.

December 10, 2020

Speed up your web development time by integrating Webflow into a React application

Writing JSX to build pixel perfect UI elements can be very time consuming and frustrating. Learn how react engineers can inject complex elements / React components into a Webflow generated HTML page.

July 30, 2020

Detecting session hijacking using rotating refresh tokens - OSW 2020

Session hijacking is one of the oldest, yet unsolved, attack vectors to gain unauthorised access to a user’s account. This discussion is regarding a method called "rotating refresh tokens" to better detect token theft.

June 23, 2020

Cookies vs Localstorage for sessions – everything you need to know

What are the usability and security trade-offs of storing session cookies in cookie storage or browser storage? Learn more about the best approach and common misconceptions that people have about it.

June 11, 2020

Express-session vs SuperTokens for handling user sessions

This article will be comparing SuperTokens to Node’s most popular session management library– express-session. Learn more about the comparison based on different security and performance metrics.

May 06, 2020

Should you use Express-session for your production app?

Being Node’s most popular session management library, express-session has its set of flaws– especially when it comes to security. This article will help you analyse the good and bad parts of it.

April 24, 2020

OAuth 2.0 vs Session Management

A lot of developers confuse OAuth with web session management and hence end up using the wrong protocol. This article will clarify when to use what solution.

March 18, 2020

Are you using JWTs for user sessions in the correct way?

JWTs were originally designed for use in OAuth. This article covers the pros and cons of using JWT and talks about a solution which has the advantages of JWTs without any of its disadvantages.

June 08, 2019

The best way to securely manage user sessions

This blog covers an analysis of a new open source session flow that is secure and easy to integrate. Learn more about the customizable library and its implementation details.

June 07, 2019

All you need to know about user session security

This article covers extensive conversations with over 70+ developers exploring different session management practices, identifying issues and converging on a solution to these issues.