Which UI do you use? Pre built UI
Pre built UI
Custom UI
Using in an iframe
If your website can be embedded in an iframe which is consumed by other websites, then this section is for you.
caution
If the sites in which your iframe can be embedded share the same top level domain as the iframe domain, then you can ignore this section.
Frontend changes#
- Set isInIframetotrueduringSession.initon the frontend.
- You will need to use httpsduring testing / dev for this to work. You can use tools like ngrok to create a dev env with https on your website / API domain.
- Switch to using header based auth
- Provide a custom windowHandlerand a customcookieHandlerwhich will make sure that the app works on safari and chrome incognito. These handlers will switch from usingdocument.cookiestolocalstorageto store tokens on the frontend (since safari doesn't allow access todocument.cookiesin iframes), and will use in memory storage for chrome incognito (since chrome incognito doesn't even allow access tolocalstorage). You can find implementations of these handlers here (windowHandler) and here (cookieHandler).
- ReactJS
- Angular
- Vue
Important
SuperTokens does not provide non-React UI components. So we will be using the 
supertokens-auth-react SDK and will inject the React components to show the UI. Therefore, the code snippet below refers to the supertokens-auth-react SDK.import SuperTokens from "supertokens-auth-react";
import Session from "supertokens-auth-react/recipe/session";
SuperTokens.init({
    cookieHandler,
    windowHandler,
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Session.init({
            tokenTransferMethod: "header",
            isInIframe: true
        })
    ]
});
Important
SuperTokens does not provide non-React UI components. So we will be using the 
supertokens-auth-react SDK and will inject the React components to show the UI. Therefore, the code snippet below refers to the supertokens-auth-react SDK.import SuperTokens from "supertokens-auth-react";
import Session from "supertokens-auth-react/recipe/session";
SuperTokens.init({
    cookieHandler,
    windowHandler,
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Session.init({
            tokenTransferMethod: "header",
            isInIframe: true
        })
    ]
});
import SuperTokens from "supertokens-auth-react";
import Session from "supertokens-auth-react/recipe/session";
SuperTokens.init({
    cookieHandler,
    windowHandler,
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Session.init({
            tokenTransferMethod: "header",
            isInIframe: true
        })
    ]
});
caution
Because of the restrictions on access to storage on Chrome incognito, we are forced to use an in memory storage to store the tokens on the frontend. This in turn implies that if the user refreshes the page, or if your app does a full page navigation, the user will be logged out.