Skip to content

SuperTokens

FeatureSupport
User management✅ Full
Organizations✅ Via multi-tenancy (each tenant = one organization)
Audit logs❌ Not supported
  1. Run the SuperTokens core

    Self-host the SuperTokens core or use SuperTokens managed cloud.

    For local development with Docker:

    Terminal window
    docker run -d \
    -p 3567:3567 \
    registry.supertokens.io/supertokens/supertokens-postgresql

    Note the connection URI (e.g. http://localhost:3567) and, if you have configured one, the API key in your config.yaml.

  2. Configure your SuperTokens backend SDK

    AUMS connects directly to the SuperTokens core using the CDI (Core Driver Interface). Your application’s backend SDK (Node.js, Python, etc.) must already be initialized with the EmailPassword and, optionally, the EmailVerification, UserMetadata, and Multitenancy recipes enabled.

    AUMS relies on these recipes for full user management:

    RecipePurpose in AUMS
    EmailPasswordCreate and update users (required)
    EmailVerificationMark emails as verified / unverified
    UserMetadataStore user display name (first / last name)
    MultitenancyManage organizations as SuperTokens tenants
  3. Set environment variables

    Terminal window
    PROVIDER=supertokens
    SUPERTOKENS_CONNECTION_URI=http://localhost:3567
    # Required for SuperTokens managed cloud, optional for self-hosted
    # SUPERTOKENS_API_KEY=your-api-key
    # Tenant used for user operations (default: public)
    # SUPERTOKENS_TENANT_ID=public

SuperTokens multi-tenancy maps directly to AUMS organizations: each SuperTokens tenant (other than the default tenant configured by SUPERTOKENS_TENANT_ID) is treated as an organization.

AUMS operationSuperTokens CDI call
List orgsGET /recipe/multitenancy/tenant/list/v2
Create orgPUT /recipe/multitenancy/tenant (tenantId = slug of name)
Delete orgPOST /recipe/multitenancy/tenant/remove
List membersGET /{tenantId}/users
Add memberPOST /recipe/multitenancy/tenant/user
Remove memberDELETE /recipe/multitenancy/tenant/user
  • Password required — AUMS creates users via the EmailPassword recipe. A password must be provided when creating a user.
  • Display name — First and last name are stored in the UserMetadata recipe under the keys first_name and last_name.
  • Blocked users — SuperTokens has no native block/suspend concept. The blocked field always returns false; block operations are silently ignored.
  • Email verification — Requires the EmailVerification recipe to be enabled in your SuperTokens backend SDK.

To protect the AUMS dashboard with SuperTokens SSO, configure an OIDC provider that wraps your SuperTokens deployment (e.g. via the OAuth2 provider recipe):

Terminal window
AUTH_CLIENT_OPENID_CONFIGURATION_URL=https://your-supertokens-app/.well-known/openid-configuration
AUTH_CLIENT_ID=your-oidc-client-id
AUTH_CLIENT_SECRET=your-oidc-client-secret