Commit

Merge branch 'master' of github.com:supertokens/blog into blog/securing-password-reset-tokens
Chakravarthy7102 committed Oct 5, 2023
2 parents faae5ae + ac22b9e commit 2733c7e
Showing 28 changed files with 409 additions and 21 deletions.
284 changes: 284 additions & 0 deletions content/all-you-need-to-know-about-user-session-security/index.md

Original file line number Diff line number Diff line change
Expand Up @@ -191,8 +191,7 @@ At the time of writing this article, the SuperTokens feature set is completely f

- #### Managed Service:
- Free for the first **5000 MAUs** .
- **$29/month** for every **5000 MAUs** beyond the free limit of up to **50000 MAUs**.
- Custom pricing beyond **50000 MAUs**
- 2 cents / MAU post the first **5000 MAUs**.

### So is SuperTokens the way to go?
SuperToken's feature set and pricing make it a great choice for startups and mid-level businesses, but it may not be the best fit for large organisations that require enterprise features.
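Review bot: the unchanged pricing line `Free for the first **5000 MAUs** .` keeps a stray space before the period, and the new line `2 cents / MAU post the first **5000 MAUs**.` reads more naturally as "after the first 5000 MAUs"; since the rendered view drops the +/- markers, also double-check that the two lines this hunk replaces (the hunk shrinks from 8 to 7 lines) are the `$29/month` and `Custom pricing` lines and not the free-tier line.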
12 changes: 6 additions & 6 deletions content/how-to-create-an-invite-only-auth-flow/index.md
Expand Up @@ -29,13 +29,13 @@ Follow the prompts on-screen and set up an app with a React frontend, and NodeJs
We can now start customizing the authentication flows to enable invite-only authentication

## Step 1: Disable Sign Ups
If you were to run the example application now, you will be greeted with the authentication page. This page allows you to sign users up. We will need to disable the sign-up UI on the frontend and disable the sign up API on the backend.
If you were to run the example application now, you would be greeted with the authentication page. This page allows you to sign users up. We will need to disable the sign-up UI on the frontend and disable the sign up API on the backend.

![SuperTokens Sign Up screen](./sign-in-screen.png)

### Disable the sign up UI in SuperTokens Frontend config

We can customize the frontend UI and use CSS to to hide the sign up button.
We can customize the frontend UI and use CSS to hide the sign up button.

```tsx
import SuperTokens from "supertokens-auth-react";
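Review bot: the new line mixes "sign-up UI" and "sign up API" in one sentence, and the heading below it says "sign up UI"; while the line is being touched, pick one form (the hyphenated compound modifier "sign-up" before a noun is the conventional choice) and apply it to the heading as well.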
Expand Down Expand Up @@ -102,12 +102,12 @@ SuperTokens.init({
## Step 2: Creating the invite-only flow

### Create a protected API that will create users and send invite links
To create users and send them an invite links we will need to create an API on the backend which will:
To create users and send them invite links we will need to create an API on the backend which will:

- Call the `signUp` function from the SuperTokens backend SDK using the user's email and a fake password. This fake password should be unguessable and should be shared across all invited users.
- Generate a password reset link and send that as an invite link to the user's email.
- Once the user clicks the link, they will be shown a page asking them to input their password after which, they can login.
- Finally we add an access control check to make sure that only users with the `admin` role can add additional users.
- Finally, we add an access control check to make sure that only users with the `admin` role can add additional users.

```ts
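Review bot: the first bullet ("a fake password. This fake password should be unguessable and should be shared across all invited users") is the security-sensitive step of this flow and is left untouched while the list is edited: a single placeholder credential shared by every pending invitee means the whole cohort depends on one secret, and the design only stays safe because the later "Ensure that invited users have reset their passwords" section blocks sign-in until the reset happens. Suggest either generating a random, discarded per-user value here so there is no shared secret to protect, or at minimum stating that dependency in this bullet.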

Expand Down Expand Up @@ -144,7 +144,7 @@ app.post("/create-user", verifySession({

>Note:
> - The code above uses the default password reset path for the invite link (`/auth/reset-password`). You can create custom UI hosted on another path and use the password reset functions provided by the SuperTOkens frontend SDK to call the password reset token consumption API from the frontend.
> - Additionally the `sendResetPasswordEmail` function uses the default password reset email(or the one customized using the emailDelivery config). If you would like to create the reset password link and send it yourself, you can use the `createResetPasswordLink` function to generate the password reset string.
> - Additionally, the `sendResetPasswordEmail` function uses the default password reset email(or the one customized using the emailDelivery config). If you would like to create the reset password link and send it yourself, you can use the `createResetPasswordLink` function to generate the password reset string.
### Ensure that invited users have reset their passwords
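Review bot: the unchanged note lines carry two typos that this hunk, which only adds the comma after "Additionally", leaves in place: "SuperTOkens frontend SDK" should read "SuperTokens", and "default password reset email(or the one customized" is missing a space before the parenthesis.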

Expand Down Expand Up @@ -220,4 +220,4 @@ SuperTokens.init({
And that's it! Your app now only allows invited users to log in. Once a user is invited they will be sent an email asking to reset their password post which they are able to sign in.

## Conclusion
Although there a few customizations that needed to be made, setting up an invite only flow with SuperTokens is pretty straight forward. You can find the related [documentation for the invite flow here](https://supertokens.com/docs/emailpassword/common-customizations/disable-sign-up/emailpassword-changes) if you need the code for other languages/frameworks.
Although there are a few customizations that needed to be made, setting up an invite only flow with SuperTokens is pretty straight forward. You can find the related [documentation for the invite flow here](https://supertokens.com/docs/emailpassword/common-customizations/disable-sign-up/emailpassword-changes) if you need the code for other languages/frameworks.
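Review bot: while fixing "there a few" on this line, also change "straight forward" to "straightforward" and hyphenate "invite only flow" to "invite-only flow", matching the title and the earlier heading "Step 2: Creating the invite-only flow" in this file.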
64 changes: 64 additions & 0 deletions content/how-we-cut-our-aws-costs-part-2/index.md
@@ -0,0 +1,64 @@
---
title: How we used multi-tenancy to cut our AWS costs by 50%
date: "2023-10-01"
description: "Part 2 in a series of howe we were able to cut down our AWS infrastructure costs by more than 50%"
cover: "how-we-cut-our-aws-costs-part-2.png"
category: "programming"
author: "Joel Coutinho"
---

[**Part 1: How does the SuperTokens managed service work and why does it need to change.**](./how-we-cut-our-aws-costs/)

**Part 2: Using multi-tenancy to cut our AWS infra costs by by more than 50%**

In this part we will go over SuperTokens Multi-tenancy feature and how it evolved our deployment cycle to cut our AWS billing by 50%.

Here's what we covered in our [last post](./how-we-cut-our-aws-costs/):
- SuperTokens infrastructure and deployment cycle.
- Improvements made to the SuperTokens deployment cycle to speed up production deployment times by 30%
- How our infra costs were not sustainable and why it needed to change.

## What is multi-tenancy?

As mentioned in Part 1, "We saw multi-tenancy as an opportunity to optimize the utilization of our EC2 instances by consolidating our core instances. This would cut down our costs while also providing the expected performance"... But what does that mean? Lets break it down. Multi-tenancy is a feature, typically used by B2B SaaS companies to allow multiple organizations to sign up to their SaaS app, with the ability for each organization to have their own login methods or SSO configurations. Additionally, user pools can also be segmented. Heres how it helped us.

## How we implemented SuperTokens Multi-tenancy

With multi-tenancy we re-architected the way we host and manage our users. Initially whenever a signed up and created an app with SuperTokens, it would trigger the following flow:

![SuperTokens Old Deployment Process](./supertokens-deployment-process.png)

In this process each development and production SuperTokens core ran in their own separate EC2 instances. With Multi-tenancy we now treat all SuperTokens customers as tenants. This means that we could now host multiple users on a single SuperTokens instance. Our deployment process now looks like this:

![SuperTokens New Deployment Process](./supertokens-deployment-process-new.png.png)

As you can see in the new deployment strategy, when a new user signs up, we now create a new tenant in a SuperTokens instance. These instances run in `T3 large` instances. In our testing, for development mode, up to 100 tenants can be run seamlessly on a single instance and for production mode, up to 50 tenants can be created on single instance.

![SuperTokens infrastructure](./supertokens-infrastructure.png)

## What are the benefits of the new architecture?

### 1. Cost Savings

Well the biggest difference post this change is the cost savings.

Heres a bill for the month of July before the multi-tenancy changes kicked-in:

![SuperTokens AWS bill for July](./supertokens-aws-bill-july.png)

And heres the bill for September, post the changes going live

![SuperTokens AWS bill for September](./supertokens-aws-bill-september.png)

When compared, its **54%** down

![SuperTokens Pricing comparison](./supertokens-pricing-comparison.png)

### 2. Improved start up time

Another improvement was app startup time. In the new architecture, creating a new user is as simple as creating a new tenant. When compared to the old process, the new architecture is about 94% faster and new apps can be crated in seconds.


## Conclusion

Multi-tenancy with SuperTokens is a powerful feature that enables businesses to create unique authentication flows for their customers, segment users into unique user pools and automatically create new new tenants. For SuperTokens, multi-tenancy allowed us to consolidate our user applications to save on resources, but, your use case maybe very different. You can learn more about how multi-tenancy works and the experiences it enables by visiting the [multi-tenancy feature page](https://supertokens.com/features/multi-tenancy)
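Review bot: the second image reference has a doubled extension, `![SuperTokens New Deployment Process](./supertokens-deployment-process-new.png.png)`, which will render as a broken image unless the committed asset really carries that name; please check it against the file added alongside this post. The new text also needs a copy pass: "howe" in the front-matter description (the same string is reused in the SEO config), "by by" in the Part 2 title, "whenever a signed up" is missing "user", "Lets" and "Heres" lack apostrophes, "crated" should be "created", "new new tenants" doubles a word, "maybe very different" should be "may be", and the closing sentence has no period. Finally, the front matter and title give the saving as "50%" while the body says "**54%** down"; consider stating one figure or saying "over 50%" consistently.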
4 changes: 3 additions & 1 deletion content/how-we-cut-our-aws-costs/index.md
Expand Up @@ -11,6 +11,8 @@ In this two part series we will go over SuperTokens manged service infrastructur

**Part 1: How does the SuperTokens managed service work and why does it need to change.**

[**Part 2: Using multi-tenancy to cut our AWS infra costs by by more than 50%**](./how-we-cut-our-aws-costs-part-2/)

## Introduction

The SuperTokens managed service powers numerous web products, mobile applications, and services and is primarily hosted on AWS. Our infrastructure leverages a suite of AWS tools, including AWS RDS for our database, EC2 instances for SuperToken deployments, and System Manager for instance management and automation. Over time, we've refined our deployment cycle to enhance stability, fault tolerance, and cost efficiency but our most recent update has yielded our biggest savings yet, slashing costs by over 50% while achieving [record scalability](https://twitter.com/supertokensio/status/1701600309397852270).
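Review bot: the added Part 2 link duplicates "by" ("cut our AWS infra costs by by more than 50%"); the same string is the bold title inside the Part 2 post, so fix it in both places. The unchanged context shown in the hunk header also still reads "manged service".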
Expand Down Expand Up @@ -46,7 +48,7 @@ So what prompted us to change our deployment process?
## Why we had to change our deployment process
The past year has been quite a ride for SuperTokens. We released a host of new features and saw a big uptick in users. But, as our user numbers climbed, so did our infrastructure costs. With our AWS credits running out soon, we knew we had to do something to cut our expenses.

With the release of our new multi-tenancy feature we saw the opportunity to consolidate core instances to optimize the utilization of our EC2 instances to cut down our costs while also providing the expected performance.
With the release of our new multi-tenancy feature we saw it as an opportunity to optimize the utilization of our EC2 instances by consolidating our core instances. This would cut down our costs while also providing the expected performance.

In part 2 we will go over the changes we made to achieve this.
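Review bot: the Part 2 post quotes this sentence as "We saw multi-tenancy as an opportunity to optimize the utilization of our EC2 instances by consolidating our core instances. This would cut down our costs while also providing the expected performance", but the rewritten line here says "we saw it as an opportunity", so the quotation no longer matches verbatim; align one with the other.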

12 changes: 0 additions & 12 deletions src/blog-details.js
Expand Up @@ -96,16 +96,4 @@ module.exports = [
cover: "the-best-way-to-securely-manage-user-sessions.png"
}
},
{
fields: {
slug: "/all-you-need-to-know-about-user-session-security",
},
frontmatter: {
title: "All you need to know about user session security",
description: "This article covers extensive conversations with over 70+ developers exploring different session management practices, identifying issues and converging on a solution to these issues. ",
category: "sessions, featured",
date: "June 07, 2019",
cover: "all-you-need-to-know-about-user-session-security.png"
}
},
]
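Review bot: this removes the `/all-you-need-to-know-about-user-session-security` entry from the hand-maintained listing in the same commit that adds 284 lines to `content/all-you-need-to-know-about-user-session-security/index.md`; if the intent is that the post is now discovered from the content directory instead of this list, a sentence in the commit message saying so would stop the next reader from assuming the post was unlisted by mistake.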
25 changes: 25 additions & 0 deletions src/styles/style.css
Expand Up @@ -473,4 +473,29 @@ section[itemprop="articleBody"] img[src$=".gif"] {
display: block;
max-width: 100%;
margin: 0 auto;
}

.primary-button{
font-family: Rubik,sans-serif;

display: block;
width: 200px;
margin: 40px auto;
border-radius: 6px;
background-color: #f93;
box-shadow: 2px 2px 6px 0 rgba(0,0,0,.16);
font-size: 24px;
line-height: 40px;
font-weight: 700;
text-align: center;

padding: 9px 15px;
color: #fff;
border: 0;
text-decoration: none !important;
cursor: pointer;
}

.primary-button:hover{
box-shadow: 2px 2px 20px 0 rgba(0,0,0,.16);
}
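Review bot: `.primary-button{` and `.primary-button:hover{` omit the space before the opening brace that the surrounding rules use (`section[itemprop="articleBody"] img[src$=".gif"] {`), and the two blank lines inside the first rule read as leftover grouping from wherever the declarations were copied; also `text-decoration: none !important;` deserves a short comment on which rule it is overriding, since `!important` is hard to undo later.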
23 changes: 23 additions & 0 deletions static/blog-seo/config.json
Expand Up @@ -665,5 +665,28 @@
],
"title": "How to create an invite-only auth flow in 2023",
"schema": "<script type=\"application/ld+json\">\n{\"@context\":\"https://schema.org\",\"@type\":\"Article\",\"mainEntityOfPage\":{\"@type\":\"WebPage\",\"@id\":\"https://supertokens.com/blog/how-to-create-an-invite-only-auth-flow\"},\"headline\":\"How to create an invite-only auth flow in 2023\",\"image\":\"https://supertokens.com/blog-meta-images/how-to-create-an-invite-only-auth-flow.png\",\"author\":{\"@type\":\"Organization\",\"name\":\"SuperTokens\",\"url\":\"https://supertokens.com\"},\"publisher\":{\"@type\":\"Organization\",\"name\":\"SuperTokens\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https://supertokens.com/static/assets/dark-home/logo.png\"}}}</script>"
},
{
"path": "/blog/how-we-cut-our-aws-costs-part-2",
"metaTags": [
"<meta name=\"description\" content=\"Part 2 in a series of howe we were able to cut down our AWS infrastructure costs by more than 50%\" />",
"",
"<meta name=\"keywords\" content=\"aws, cost optimization, open source, authentication\" />",
"<!--OG Tags-->",
"<meta property=\"og:title\" content=\"How we used multi-tenancy to cut our AWS costs by 50%\" />",
"<meta property=\"og:type\" content=\"article\" />",
"<meta property=\"og:url\" content=\"https://supertokens.com/blog/how-we-cut-our-aws-costs-part-2\" />",
"<meta property=\"og:description\" content=\"Part 2 in a series of howe we were able to cut down our AWS infrastructure costs by more than 50%\" /\"/>",
"<meta property=\"og:image\" content=\"https://supertokens.com/blog-meta-images/how-we-cut-our-aws-costs-part-2.png\" />",
"",
"<meta name=\"twitter:card\" content=\"summary_large_image\" />",
"<meta name=\"twitter:title\" content=\"How we used multi-tenancy to cut our AWS costs by 50%\" />",
"<meta name=\"twitter:description\" content=\"part 2 in a series of howe we were able to cut down our AWS infrastructure costs by more than 50%%\" />",
"<meta name=\"twitter:url\" content=\"https://supertokens.com/blog/how-we-cut-our-aws-costs-part-2\" />",
"<meta name=\"twitter:image\" content=\"https://supertokens.com/blog-meta-images/how-we-cut-our-aws-costs-part-2.png\" /> ",
"<!--OG Tags-->"
],
"title": "How we used multi-tenancy to cut our AWS costs by 50%",
"schema": "<script type=\"application/ld+json\">\n{\"@context\":\"https://schema.org\",\"@type\":\"Article\",\"mainEntityOfPage\":{\"@type\":\"WebPage\",\"@id\":\"https://supertokens.com/blog/how-we-cut-our-aws-costs\"},\"headline\":\"How we used multi-tenancy to cut our AWS costs by 50%\",\"image\":\"https://supertokens.com/blog-meta-images/how-we-cut-our-aws-costs-part-2.png\",\"author\":{\"@type\":\"Organization\",\"name\":\"SuperTokens\",\"url\":\"https://supertokens.com\"},\"publisher\":{\"@type\":\"Organization\",\"name\":\"SuperTokens\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https://supertokens.com/static/assets/dark-home/logo.png\"}}}</script>"
}
]
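Review bot: the og:description entry is malformed: `content=\"...more than 50%\" /\"/>` has an extra `\"/` after the self-closing slash and will emit a literal `/"/>` into the page head. In the same block the twitter:description starts lowercase ("part 2") and ends with a doubled percent sign ("50%%"), all three descriptions repeat the "howe" typo from the post's front matter, and the JSON-LD `mainEntityOfPage` `@id` points at `https://supertokens.com/blog/how-we-cut-our-aws-costs` (Part 1) while every other URL in the entry uses the `-part-2` path; that looks copy-pasted from the Part 1 entry and should be the Part 2 URL.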
3 changes: 3 additions & 0 deletions static/blog-seo/sitemapconfig.json
Expand Up @@ -70,5 +70,8 @@
},
{
"location": "https://supertokens.com/blog/how-to-create-an-invite-only-auth-flow"
},
{
"location": "https://supertokens.com/blog/how-we-cut-our-aws-costs-part-2"
}
]
Binary file modified static/card_covers/how-to-create-an-invite-only-auth-flow.png
Binary file modified static/covers/how-to-create-an-invite-only-auth-flow.png
Binary file added static/covers/how-we-cut-our-aws-costs-part-2.png

0 comments on commit 2733c7e
