important

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

Sign up and sign in flow

Status:
accepted
Deciders:
rishabhpoddar, makerboiAdi
Proposed by:
makerboiAdi
Created:
2022-11-28

Context and Problem Statement

We need to provide a way for devs using SuperTokens to sign up and sign in to access the user management dashboard.

Considered Options

  • Create users via API call to the core and sign in via dashboard. Reset password via API call to core.
    • The curl command will be shown with placeholders, which the user has to replace with their connectionURI and API key (if configured).
  • Allow only the first user to be created via the dashboard. Any new users would be created / invited by this first user after they sign in. Reset password can be done via sending emails.
  • Multi tenant setup of SuperTokens in which we use SuperTokens to create auth flows.

Decision Outcome

We decided to go with "Create users via API call to the core and sign in via dashboard. Reset password via API call to core" (option 1) because it is quick for us to build as an MVP.

Then in version 2 of this, we decided to go with option (2). This would require more work for us to build out the invite flow etc.

Then finally, once SuperTokens is multi tenant on the core and backend SDK level, we can consider using option (3).

Pros and Cons of the Options

Create users via API call to the core and sign in via dashboard. Reset password via API call to core.

  • Quick to implement for us
  • Devs have to run CLI commands - not the best onboarding experience.
  • The CLI command is not just copy / paste. The dev has to replace a few parts of it = more friction.
  • Not what people expect to create new users.
  • The admin knows the password of all users.

Allow only the first user to be created via the dashboard. Any new users would be created / invited by this first user after they sign in. Reset password can be done via sending emails.

  • Good dev experience
  • More work for us
  • The first user can be created by anyone. So if the dev forgets to do that and launches their app in prod, then theoretically, anyone can create a user and affect the app.

Multi tenant setup of SuperTokens in which we use SuperTokens to create auth flows.

  • Can use all the nice features of SuperTokens

GitHub issue link

    https://github.com/supertokens/dashboard/issues/55