SuperTokens Passwordless Node.js Demo

A prototype implementation of passwordless authentication using SuperTokens magic links, Node.js, and Docker.

https://github.com/davidbmar/supertokens_nodejs  ·  public  ·  shipped

What it is

This project is a minimal demonstration of passwordless authentication. It uses SuperTokens to generate single-use magic links, which would normally be sent by email; for demo purposes they are logged to the console instead. The architecture consists of a PostgreSQL database, the SuperTokens Core service, a Node.js Express backend, and a static HTML frontend served via npx serve.

Features

Quickstart

docker-compose up -d
npm start
npx serve -s .

Architecture

flowchart TD
    User[User Browser]
    Frontend[Static Frontend Server]
    Backend[Node.js Express Backend]
    SuperTokensCore[SuperTokens Core]
    Database[PostgreSQL Database]
    User --> Frontend
    Frontend --> Backend
    Backend --> SuperTokensCore
    SuperTokensCore --> Database

How it's built

The backend is built with Node.js and Express, integrating the supertokens-node SDK for session management and passwordless logic. The SuperTokens Core runs in a Docker container backed by PostgreSQL. The frontend is a vanilla HTML/JS application that interacts with the backend API for login requests and session verification.

How it runs

sequenceDiagram
    participant User
    participant Frontend
    participant Backend
    participant SuperTokensCore
    participant Database
    User->>Frontend: Enter Email
    Frontend->>Backend: POST /auth/signinup/code
    Backend->>SuperTokensCore: Create Code
    SuperTokensCore->>Database: Store Code
    SuperTokensCore-->>Backend: Return Link Code
    Backend->>Backend: Log Magic Link
    Backend-->>Frontend: Success Response
    User->>Frontend: Click Magic Link
    Frontend->>Backend: GET /auth/signinup/code/consume
    Backend->>SuperTokensCore: Consume Code
    SuperTokensCore->>Database: Validate and Delete Code
    SuperTokensCore-->>Backend: Session Tokens
    Backend-->>Frontend: Set Cookies
    Frontend-->>User: Show Dashboard

How to apply & reuse

Use this repository as a reference implementation for integrating SuperTokens passwordless flow into a Node.js application. It demonstrates how to configure the core, override email delivery for testing, and handle frontend session states without a framework.
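
One way to write the email delivery override so that links are printed only on explicit opt-in, as an added example (not the repository's server.js). makeEmailDeliveryOverride, redactLink, logLinks and the sample URL are assumptions; the emailDelivery.override hook and the urlWithLinkCode field come from supertokens-node.

```javascript
// Added example: not code from the repository. Helper and option names are hypothetical.

// Keep only origin + path, so no pre-auth session id or link code reaches the logs.
function redactLink(link) {
  if (!link) return "<no link>";
  const u = new URL(link);
  return `${u.origin}${u.pathname}?<redacted>`;
}

// Returns the function supertokens-node expects as `emailDelivery.override`.
// Full links are logged only on explicit opt-in, so an unset NODE_ENV fails closed.
function makeEmailDeliveryOverride({
  logLinks = process.env.NODE_ENV === "development",
  log = console.log,
} = {}) {
  return (originalImplementation) => ({
    ...originalImplementation,
    sendEmail: async (input) => {
      if (logLinks) {
        // Demo behaviour: the magic link is a bearer credential, printed instead of mailed.
        log(`[demo] magic link for ${input.email}: ${input.urlWithLinkCode}`);
        return;
      }
      // Otherwise deliver through the SDK and keep only a redacted audit line.
      log(`[auth] magic link sent: ${redactLink(input.urlWithLinkCode)}`);
      return originalImplementation.sendEmail(input);
    },
  });
}

// Wiring sketch (assumes supertokens-node is installed and initialised elsewhere):
//   Passwordless.init({
//     contactMethod: "EMAIL",
//     flowType: "MAGIC_LINK",
//     emailDelivery: { override: makeEmailDeliveryOverride() },
//   });
```

Anyone with read access to the console or log pipeline can sign in as the user while a printed link is still valid, which is why the opt-in defaults to off unless NODE_ENV is exactly "development".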

At a glance

Capabilities: Magic Link Generation, Session Verification, Email Delivery Override, CORS Handling, Health Check API
Components: server.js, index.html, appInfo.js, docker-compose.yml, .env
Tech: Node.js, Express, SuperTokens, PostgreSQL, Docker, HTML, JavaScript
Depends on: Node.js 14+, Docker, Docker Compose, npx
Integrates with: SuperTokens Core, PostgreSQL
Patterns: Passwordless Authentication, Magic Link Flow, Session Management, Microservices via Docker
Reuse tags: authentication, passwordless, supertokens, nodejs, docker, prototype
