SuperTokens
Feature availability
Section titled “Feature availability”| Feature | Support |
|---|---|
| User management | ✅ Full |
| Organizations | ✅ Via multi-tenancy (each tenant = one organization) |
| Audit logs | ❌ Not supported |
-
Run the SuperTokens core
Self-host the SuperTokens core or use SuperTokens managed cloud.
For local development with Docker:
Terminal window docker run -d \-p 3567:3567 \registry.supertokens.io/supertokens/supertokens-postgresqlNote the connection URI (e.g.
http://localhost:3567) and, if you have configured one, the API key in yourconfig.yaml. -
Configure your SuperTokens backend SDK
AUMS connects directly to the SuperTokens core using the CDI (Core Driver Interface). Your application’s backend SDK (Node.js, Python, etc.) must already be initialized with the EmailPassword and, optionally, the EmailVerification, UserMetadata, and Multitenancy recipes enabled.
AUMS relies on these recipes for full user management:
Recipe Purpose in AUMS EmailPasswordCreate and update users (required) EmailVerificationMark emails as verified / unverified UserMetadataStore user display name (first / last name) MultitenancyManage organizations as SuperTokens tenants -
Set environment variables
Terminal window PROVIDER=supertokensSUPERTOKENS_CONNECTION_URI=http://localhost:3567# Required for SuperTokens managed cloud, optional for self-hosted# SUPERTOKENS_API_KEY=your-api-key# Tenant used for user operations (default: public)# SUPERTOKENS_TENANT_ID=public
Organizations
Section titled “Organizations”SuperTokens multi-tenancy maps directly to AUMS organizations: each SuperTokens
tenant (other than the default tenant configured by SUPERTOKENS_TENANT_ID) is
treated as an organization.
| AUMS operation | SuperTokens CDI call |
|---|---|
| List orgs | GET /recipe/multitenancy/tenant/list/v2 |
| Create org | PUT /recipe/multitenancy/tenant (tenantId = slug of name) |
| Delete org | POST /recipe/multitenancy/tenant/remove |
| List members | GET /{tenantId}/users |
| Add member | POST /recipe/multitenancy/tenant/user |
| Remove member | DELETE /recipe/multitenancy/tenant/user |
User management notes
Section titled “User management notes”- Password required — AUMS creates users via the EmailPassword recipe. A password must be provided when creating a user.
- Display name — First and last name are stored in the UserMetadata recipe
under the keys
first_nameandlast_name. - Blocked users — SuperTokens has no native block/suspend concept. The
blockedfield always returnsfalse; block operations are silently ignored. - Email verification — Requires the EmailVerification recipe to be enabled in your SuperTokens backend SDK.
OIDC login (optional)
Section titled “OIDC login (optional)”To protect the AUMS dashboard with SuperTokens SSO, configure an OIDC provider that wraps your SuperTokens deployment (e.g. via the OAuth2 provider recipe):
AUTH_CLIENT_OPENID_CONFIGURATION_URL=https://your-supertokens-app/.well-known/openid-configurationAUTH_CLIENT_ID=your-oidc-client-idAUTH_CLIENT_SECRET=your-oidc-client-secret