supertokens
diff --git a/‎CHANGELOG.md
Lines changed: 18 additions & 0 deletions b/‎CHANGELOG.md
Lines changed: 18 additions & 0 deletions
diff --git a/‎examples/with-django/with-thirdpartyemailpassword/project/settings.py
Lines changed: 1 addition & 1 deletion b/‎examples/with-django/with-thirdpartyemailpassword/project/settings.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/with-fastapi/with-thirdpartyemailpassword/main.py
Lines changed: 1 addition & 1 deletion b/‎examples/with-fastapi/with-thirdpartyemailpassword/main.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/with-flask/with-thirdpartyemailpassword/app.py
Lines changed: 1 addition & 1 deletion b/‎examples/with-flask/with-thirdpartyemailpassword/app.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎frontendDriverInterfaceSupported.json
Lines changed: 1 addition & 1 deletion b/‎frontendDriverInterfaceSupported.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎setup.py
Lines changed: 1 addition & 1 deletion b/‎setup.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎supertokens_python/constants.py
Lines changed: 1 addition & 1 deletion b/‎supertokens_python/constants.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎supertokens_python/framework/django/django_middleware.py
Lines changed: 3 additions & 3 deletions b/‎supertokens_python/framework/django/django_middleware.py
Lines changed: 3 additions & 3 deletions
diff --git a/‎supertokens_python/framework/django/django_response.py
Lines changed: 6 additions & 3 deletions b/‎supertokens_python/framework/django/django_response.py
Lines changed: 6 additions & 3 deletions
diff --git a/‎supertokens_python/framework/fastapi/fastapi_middleware.py
Lines changed: 2 additions & 2 deletions b/‎supertokens_python/framework/fastapi/fastapi_middleware.py
Lines changed: 2 additions & 2 deletions
diff --git a/‎supertokens_python/framework/fastapi/fastapi_response.py
Lines changed: 6 additions & 3 deletions b/‎supertokens_python/framework/fastapi/fastapi_response.py
Lines changed: 6 additions & 3 deletions
diff --git a/‎supertokens_python/framework/flask/flask_middleware.py
Lines changed: 2 additions & 2 deletions b/‎supertokens_python/framework/flask/flask_middleware.py
Lines changed: 2 additions & 2 deletions
diff --git a/‎supertokens_python/framework/flask/flask_response.py
Lines changed: 7 additions & 4 deletions b/‎supertokens_python/framework/flask/flask_response.py
Lines changed: 7 additions & 4 deletions
diff --git a/‎supertokens_python/framework/response.py
Lines changed: 8 additions & 4 deletions b/‎supertokens_python/framework/response.py
Lines changed: 8 additions & 4 deletions
diff --git a/‎supertokens_python/recipe/emailpassword/api/implementation.py
Lines changed: 6 additions & 2 deletions b/‎supertokens_python/recipe/emailpassword/api/implementation.py
Lines changed: 6 additions & 2 deletions
diff --git a/‎supertokens_python/recipe/passwordless/api/implementation.py
Lines changed: 5 additions & 1 deletion b/‎supertokens_python/recipe/passwordless/api/implementation.py
Lines changed: 5 additions & 1 deletion
diff --git a/‎supertokens_python/recipe/session/__init__.py
Lines changed: 12 additions & 4 deletions b/‎supertokens_python/recipe/session/__init__.py
Lines changed: 12 additions & 4 deletions
@@ -6,6 +6,24 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## unreleased
+
+### Breaking changes
+
+-   The frontend SDK should be updated to a version supporting the header-based sessions!
+    -   supertokens-auth-react: >= 0.32.0
+    -   supertokens-web-js: >= 0.5.0
+    -   supertokens-website: >= 16.0.0
+    -   supertokens-react-native: >= 4.0.0
+    -   !!!TODO: re-check before release and add mobile SDKs
+- Only supporting FDI 1.16
+
+### Added
+
+-   Added support for authorizing requests using the `Authorization` header instead of cookies
+    -   Added `get_token_transfer_method` config option
+    -   Check out https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/token-transfer-method for more information
+
+
 # [0.11.13] - 2023-01-06
 
 - Add missing `original` attribute to flask response and remove logic for cases where `response` is `None`
 
@@ -65,7 +65,7 @@ def get_website_domain():
     framework="django",
     mode="wsgi",
     recipe_list=[
-        session.init(),
+        session.init(get_token_transfer_method=lambda _, __, ___: "cookie"),
         emailverification.init("REQUIRED"),
         thirdpartyemailpassword.init(
             providers=[
 
@@ -55,7 +55,7 @@ def get_website_domain():
     ),
     framework="fastapi",
     recipe_list=[
-        session.init(),
+        session.init(get_token_transfer_method=lambda _, __, ___: "cookie"),
         emailverification.init("REQUIRED"),
         thirdpartyemailpassword.init(
             providers=[
 
@@ -48,7 +48,7 @@ def get_website_domain():
     ),
     framework="flask",
     recipe_list=[
-        session.init(),
+        session.init(get_token_transfer_method=lambda _, __, ___: "cookie"),
         emailverification.init("REQUIRED"),
         thirdpartyemailpassword.init(
             providers=[
 
@@ -1,6 +1,6 @@
 {
     "_comment": "contains a list of frontend-driver interfaces branch names that this core supports",
     "versions": [
-        "1.15"
+        "1.16"
     ]
 }
@@ -70,7 +70,7 @@
 
 setup(
     name="supertokens_python",
-    version="0.11.13",
+    version="0.12.0",
     author="SuperTokens",
     license="Apache 2.0",
     author_email="[email protected]",
 
@@ -12,7 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 SUPPORTED_CDI_VERSIONS = ["2.9", "2.10", "2.11", "2.12", "2.13", "2.14", "2.15"]
-VERSION = "0.11.13"
+VERSION = "0.12.0"
 TELEMETRY = "/telemetry"
 USER_COUNT = "/users/count"
 USER_DELETE = "/user/remove"
 
@@ -25,7 +25,7 @@ def middleware(get_response: Any):
     from supertokens_python.framework.django.django_request import DjangoRequest
     from supertokens_python.framework.django.django_response import DjangoResponse
     from supertokens_python.recipe.session import SessionContainer
-    from supertokens_python.supertokens import manage_cookies_post_response
+    from supertokens_python.supertokens import manage_session_post_response
 
     from django.http import HttpRequest
 
@@ -45,7 +45,7 @@ async def __asyncMiddleware(request: HttpRequest):
                 if hasattr(request, "supertokens") and isinstance(
                     request.supertokens, SessionContainer  # type: ignore
                 ):
-                    manage_cookies_post_response(
+                    manage_session_post_response(
                         request.supertokens, result  # type: ignore
                     )
                 if isinstance(result, DjangoResponse):
@@ -79,7 +79,7 @@ def __syncMiddleware(request: HttpRequest):
             if hasattr(request, "supertokens") and isinstance(
                 request.supertokens, SessionContainer  # type: ignore
             ):
-                manage_cookies_post_response(
+                manage_session_post_response(
                     request.supertokens, result  # type: ignore
                 )
             return result.response
 
@@ -14,7 +14,7 @@
 import json
 from datetime import datetime
 from math import ceil
-from typing import Any, Dict, Union
+from typing import Any, Dict, Optional
 
 from supertokens_python.framework.response import BaseResponse
 
@@ -42,7 +42,7 @@ def set_cookie(
         value: str,
         expires: int,
         path: str = "/",
-        domain: Union[str, None] = None,
+        domain: Optional[str] = None,
         secure: bool = False,
         httponly: bool = False,
         samesite: str = "lax",
@@ -69,11 +69,14 @@ def set_status_code(self, status_code: int):
     def set_header(self, key: str, value: str):
         self.response[key] = value
 
-    def get_header(self, key: str):
+    def get_header(self, key: str) -> Optional[str]:
         if self.response.has_header(key):
             return self.response[key]
         return None
 
+    def remove_header(self, key: str):
+        del self.response[key]
+
     def set_json_content(self, content: Dict[str, Any]):
         if not self.response_sent:
             self.set_header("Content-Type", "application/json; charset=utf-8")
 
@@ -38,7 +38,7 @@ async def dispatch(self, request: Request, call_next: RequestResponseEndpoint):
                 FastApiResponse,
             )
             from supertokens_python.recipe.session import SessionContainer
-            from supertokens_python.supertokens import manage_cookies_post_response
+            from supertokens_python.supertokens import manage_session_post_response
 
             st = Supertokens.get_instance()
             from fastapi.responses import Response
@@ -56,7 +56,7 @@ async def dispatch(self, request: Request, call_next: RequestResponseEndpoint):
                 if hasattr(request.state, "supertokens") and isinstance(
                     request.state.supertokens, SessionContainer
                 ):
-                    manage_cookies_post_response(request.state.supertokens, result)
+                    manage_session_post_response(request.state.supertokens, result)
                 if isinstance(result, FastApiResponse):
                     return result.response
             except SuperTokensError as e:
 
@@ -14,7 +14,7 @@
 import json
 from math import ceil
 from time import time
-from typing import Any, Dict, Union
+from typing import Any, Dict, Optional
 
 from supertokens_python.framework.response import BaseResponse
 
@@ -44,7 +44,7 @@ def set_cookie(
         value: str,
         expires: int,
         path: str = "/",
-        domain: Union[str, None] = None,
+        domain: Optional[str] = None,
         secure: bool = False,
         httponly: bool = False,
         samesite: str = "lax",
@@ -78,9 +78,12 @@ def set_cookie(
     def set_header(self, key: str, value: str):
         self.response.headers[key] = value
 
-    def get_header(self, key: str) -> Union[str, None]:
+    def get_header(self, key: str) -> Optional[str]:
         return self.response.headers.get(key, None)
 
+    def remove_header(self, key: str):
+        del self.response.headers[key]
+
     def set_status_code(self, status_code: int):
         if not self.status_set:
             self.response.status_code = status_code
 
@@ -33,7 +33,7 @@ def set_before_after_request(self):
         app = self.app
         from supertokens_python.framework.flask.flask_request import FlaskRequest
         from supertokens_python.framework.flask.flask_response import FlaskResponse
-        from supertokens_python.supertokens import manage_cookies_post_response
+        from supertokens_python.supertokens import manage_session_post_response
 
         from flask.wrappers import Response
 
@@ -65,7 +65,7 @@ def _(response: Response):
 
             response_ = FlaskResponse(response)
             if hasattr(g, "supertokens") and g.supertokens is not None:
-                manage_cookies_post_response(g.supertokens, response_)
+                manage_session_post_response(g.supertokens, response_)
 
             return response_.response
 
 
@@ -12,7 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 import json
-from typing import Any, Dict, List, Union
+from typing import Any, Dict, List, Optional
 
 from supertokens_python.framework.response import BaseResponse
 
@@ -40,7 +40,7 @@ def set_cookie(
         value: str,
         expires: int,
         path: str = "/",
-        domain: Union[str, None] = None,
+        domain: Optional[str] = None,
         secure: bool = False,
         httponly: bool = False,
         samesite: str = "lax",
@@ -57,11 +57,14 @@ def set_cookie(
         )
 
     def set_header(self, key: str, value: str):
-        self.response.headers.add(key, value)
+        self.response.headers.set(key, value)
 
-    def get_header(self, key: str) -> Union[None, str]:
+    def get_header(self, key: str) -> Optional[str]:
         return self.response.headers.get(key)
 
+    def remove_header(self, key: str):
+        del self.response.headers[key]
+
     def set_status_code(self, status_code: int):
         if not self.status_set:
             self.response.status_code = status_code
 
@@ -13,7 +13,7 @@
 # under the License.
 
 from abc import ABC, abstractmethod
-from typing import Any, Dict, Union
+from typing import Any, Dict, Optional
 
 
 class BaseResponse(ABC):
@@ -31,19 +31,23 @@ def set_cookie(
         #    max_age: Union[int, None] = None,
         expires: int,
         path: str = "/",
-        domain: Union[str, None] = None,
+        domain: Optional[str] = None,
         secure: bool = False,
         httponly: bool = False,
         samesite: str = "lax",
     ):
         pass
 
     @abstractmethod
-    def set_header(self, key: str, value: str):
+    def set_header(self, key: str, value: str) -> None:
         pass
 
     @abstractmethod
-    def get_header(self, key: str) -> Union[str, None]:
+    def get_header(self, key: str) -> Optional[str]:
+        pass
+
+    @abstractmethod
+    def remove_header(self, key: str) -> None:
         pass
 
     @abstractmethod
 
@@ -169,7 +169,9 @@ async def sign_in_post(
 
         user = result.user
         session = await create_new_session(
-            api_options.request, user.user_id, user_context=user_context
+            api_options.request,
+            user.user_id,
+            user_context=user_context,
         )
         return SignInPostOkResult(user, session)
 
@@ -204,6 +206,8 @@ async def sign_up_post(
 
         user = result.user
         session = await create_new_session(
-            api_options.request, user.user_id, user_context=user_context
+            api_options.request,
+            user.user_id,
+            user_context=user_context,
         )
         return SignUpPostOkResult(user, session)
@@ -288,7 +288,11 @@ async def consume_code_post(
                     )
 
         session = await create_new_session(
-            api_options.request, user.user_id, {}, {}, user_context=user_context
+            api_options.request,
+            user.user_id,
+            {},
+            {},
+            user_context=user_context,
         )
 
         return ConsumeCodePostOkResult(
 
@@ -13,18 +13,18 @@
 # under the License.
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Callable, Union
+from typing import TYPE_CHECKING, Any, Callable, Dict, Union
 
 from typing_extensions import Literal
 
 if TYPE_CHECKING:
     from ...recipe_module import RecipeModule
-    from supertokens_python.supertokens import AppInfo
+    from supertokens_python.supertokens import AppInfo, BaseRequest
+    from .utils import TokenTransferMethod
 
 from . import exceptions as ex
+from . import interfaces, utils
 from .recipe import SessionRecipe
-from . import utils
-from . import interfaces
 
 InputErrorHandlers = utils.InputErrorHandlers
 InputOverrideConfig = utils.InputOverrideConfig
@@ -39,6 +39,13 @@ def init(
     cookie_same_site: Union[Literal["lax", "none", "strict"], None] = None,
     session_expired_status_code: Union[int, None] = None,
     anti_csrf: Union[Literal["VIA_TOKEN", "VIA_CUSTOM_HEADER", "NONE"], None] = None,
+    get_token_transfer_method: Union[
+        Callable[
+            [BaseRequest, bool, Dict[str, Any]],
+            Union[TokenTransferMethod, Literal["any"]],
+        ],
+        None,
+    ] = None,
     error_handlers: Union[InputErrorHandlers, None] = None,
     override: Union[InputOverrideConfig, None] = None,
     jwt: Union[JWTConfig, None] = None,
@@ -50,6 +57,7 @@ def init(
         cookie_same_site,
         session_expired_status_code,
         anti_csrf,
+        get_token_transfer_method,
         error_handlers,
         override,
         jwt,
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"_comment": "contains a list of frontend-driver interfaces branch names that this core supports",`
`3`	`3`	`"versions": [`
`4`		`- "1.15"`
	`4`	`+ "1.16"`
`5`	`5`	`]`
`6`	`6`	`}`
Original file line number	Diff line number	Diff line change
`@@ -288,7 +288,11 @@ async def consume_code_post(`
`288`	`288`	`)`
`289`	`289`
`290`	`290`	`session = await create_new_session(`
`291`		`- api_options.request, user.user_id, {}, {}, user_context=user_context`
	`291`	`+ api_options.request,`
	`292`	`+ user.user_id,`
	`293`	`+ {},`
	`294`	`+ {},`
	`295`	`+ user_context=user_context,`
`292`	`296`	`)`
`293`	`297`
`294`	`298`	`return ConsumeCodePostOkResult(`