Skip to main content


  • SuperTokens is not yet optimised for 2FA implementation, so you have to add a lot of customisations for it to work. We are working on improving the development experience for 2FA as well as adding more factors like TOTP. Stay tuned.
  • A demo app that uses the pre built UI can be found on our GitHub.


  • Add Email or SMS based OTP / magic link as a second factor auth.
  • Allow access to APIs only if multi factor auth has been completed.
  • Allow access to frontend routes only if multi factor auth has been completed.
  • Use your custom UI or our pre built UI for the second factor auth.

Demo application#

See our example app on GitHub that uses NodeJS and React. It has email password + social login (thirdpartyemailpassword recipe) as the first factor, and SMS OTP (passwordless recipe) as the second factor

New features in progress (not released yet)#

  • Optionally enable multi factor for users (based on their choice).
  • Multi factor using TOTP (Google authenticator app).
  • Backup recovery codes.
  • Step up auth
Looking for older versions of the documentation?
Which UI do you use?
Custom UI
Pre built UI