supertokens
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/add-mfa-to-nextjs/Planning-MFA—4-Questions-to-Answer-Before-You-Code.png‎
83.9 KB b/‎content/add-mfa-to-nextjs/Planning-MFA—4-Questions-to-Answer-Before-You-Code.png‎
83.9 KB
diff --git a/‎content/add-mfa-to-nextjs/Popular-MFA-Methods-You-Can-Enable-in-Next.js.png‎
909 KB b/‎content/add-mfa-to-nextjs/Popular-MFA-Methods-You-Can-Enable-in-Next.js.png‎
909 KB
diff --git a/‎content/add-mfa-to-nextjs/Supertokens.png‎
311 KB b/‎content/add-mfa-to-nextjs/Supertokens.png‎
311 KB
diff --git a/‎content/add-mfa-to-nextjs/index.md‎
Lines changed: 168 additions & 0 deletions b/‎content/add-mfa-to-nextjs/index.md‎
Lines changed: 168 additions & 0 deletions
diff --git a/‎content/all-you-need-to-know-about-user-session-security/index.md‎
Lines changed: 1 addition & 1 deletion b/‎content/all-you-need-to-know-about-user-session-security/index.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/express-session-vs-supertokens-for-handling-user-sessions/index.md‎
Lines changed: 1 addition & 1 deletion b/‎content/express-session-vs-supertokens-for-handling-user-sessions/index.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/launch-week-02-open-source-auth-plugins/index.md‎
Lines changed: 100 additions & 0 deletions b/‎content/launch-week-02-open-source-auth-plugins/index.md‎
Lines changed: 100 additions & 0 deletions
@@ -12,7 +12,7 @@ Please refer to the [CONTRIBUTING.md](https://github.com/supertokens/blog/blob/m
 
 ## Contact us
 
-For any queries, or support requests, please email us at team@supertokens.com, or join our [Discord](https://www.supertokens.com/discord) server.
+For any queries, or support requests, please email us at support@supertokens.com, or join our [Discord](https://www.supertokens.com/discord) server.
 
 ## Authors
 
 
@@ -214,7 +214,7 @@ Man in the middle (MITM) attacks are possible in the following scenarios.
 2. When using a Proxy: </br> Two of the last three organizations I worked at, monitored all the traffic on their network. At workplaces, devices likely use the corporate wifi network. Companies can enable the connected devices to trust their network proxy as an SSL Certificate Authority as a prerequisite to connect to the wifi. This would enable them (or a malicious actor) to see auth token information during transmission.
 
 **Methods of prevention:**</br>
-The easiest way to protect against this type of attack is to use https and secure cookies throughout your application. However, this doesn’t prevent attacks that result from the use of a proxy. One could take extra precaution by using public/private keys that are fixed per device. The frontend and backend would exchange these public keys at the point of initialization (before the user logs in). For subsequent communication, the token data could be encrypted using the public keys. This limits transit attacks to only the initial public key exchange. There is a modification that would enable the prevention of replay attacks but that is not covered in this blog post. (Feel free to [reach out](mailto:team@supertokens.com) if you would like to know more). Regardless, some of the described flows (flow 5 and the proposed flow in [Part 2](/blog/the-best-way-to-securely-manage-user-sessions)) aim to minimize exposure of the critical token by reducing its frequency of transit.
+The easiest way to protect against this type of attack is to use https and secure cookies throughout your application. However, this doesn’t prevent attacks that result from the use of a proxy. One could take extra precaution by using public/private keys that are fixed per device. The frontend and backend would exchange these public keys at the point of initialization (before the user logs in). For subsequent communication, the token data could be encrypted using the public keys. This limits transit attacks to only the initial public key exchange. There is a modification that would enable the prevention of replay attacks but that is not covered in this blog post. (Feel free to [reach out](mailto:support@supertokens.com) if you would like to know more). Regardless, some of the described flows (flow 5 and the proposed flow in [Part 2](/blog/the-best-way-to-securely-manage-user-sessions)) aim to minimize exposure of the critical token by reducing its frequency of transit.
 
 ### OAuth token theft
 
 
@@ -195,7 +195,7 @@ It’s clear that if using express-session, it’s very likely that an organisat
 
 ## Conclusion:
 
-We can see that SuperTokens clearly wins out on the metrics we have chosen. Not just that, it’s only going to get much better over time as we expand on the number of frameworks we support as well as add more amazing features! Overall, it is much more secure and complete. Of course, I am a little biased towards SuperTokens because I am one of the contributors to the library, but I think I have compared the two libraries fairly. If you find that there are some metrics I have missed where Express-session performs better, or if you have any general feedback, please drop a comment or send us an [email](mailto:team@supertokens.com).
+We can see that SuperTokens clearly wins out on the metrics we have chosen. Not just that, it’s only going to get much better over time as we expand on the number of frameworks we support as well as add more amazing features! Overall, it is much more secure and complete. Of course, I am a little biased towards SuperTokens because I am one of the contributors to the library, but I think I have compared the two libraries fairly. If you find that there are some metrics I have missed where Express-session performs better, or if you have any general feedback, please drop a comment or send us an [email](mailto:support@supertokens.com).
 
 To learn more about Sessions, please visit our other blogs and our website:
 
 
@@ -0,0 +1,100 @@
+---
+title: "SuperTokens Launch Week 02: 7 Open-Source Auth Plugins" 
+date: "2025-10-10"
+description: "Open-source auth plugins you’ll reuse: profiling, banning, CAPTCHA, tenancy tools, and telemetry. React/Node ready. "
+cover: "launch-week-02-open-source-auth-plugins.png"
+category: "programming"
+author: "Darko Bozhinovski"
+---
+
+
+We just wrapped up **SuperTokens Launch Week 02** — five days of shipping new tools to solve some of the most common and time-consuming problems in authentication.
+
+The vision is simple: a world where you can run a single command and have auth just work, regardless of your stack. This week was a step in that direction.
+
+If you missed it, here’s a full breakdown.
+
+---
+
+## The Problem: You Keep Building the Same Things Over and Over
+
+Authentication isn’t just about logging in. It’s often about managing the entire user lifecycle — profile pages, moderation tools, bot protection, and routing logic for multi-tenant apps.  
+
+These are solved problems, yet we find ourselves rebuilding them for almost every new project. It’s repetitive, distracting, and keeps you from focusing on your core product.  
+We want to eliminate that waste.
+
+---
+
+## The Solution: A New Set of SuperTokens Plugins
+
+This week, we expanded beyond core authentication to deliver an ecosystem of **easy-to-use, open-source plugins**. Each one tackles a problem developers face repeatedly.
+
+Here’s what we shipped:
+
+---
+
+### 🧩 Day 1: The Profile Family of Plugins
+
+Stop building user profile pages from scratch.  
+This plugin family gives you a ready-to-go, customizable profile page and a **progressive profiling system** to gather user info over time without overwhelming them at sign-up.
+
+**Check them out here:**
+- [Progressive Profiling](https://supertokens.com/docs/post-authentication/user-management/progressive-profiling)
+
+---
+
+### 🤖 Day 2: The Captcha Plugin
+
+Spambots are a constant headache.  
+Our **Captcha plugin** makes it trivial to add **hCaptcha**, **reCAPTCHA**, or another provider to your SuperTokens forms — just configure and go.
+
+**Check them out here:**
+- [Captcha Plugin](https://supertokens.com/docs/additional-verification/captcha)
+
+---
+
+### 🚫 Day 3: The User Banning Plugin
+
+Every community needs moderation.  
+This plugin lets you **ban bad actors instantly** — no custom moderation code required.
+
+**Check them out here:**
+- [User Banning](https://supertokens.com/docs/post-authentication/user-management/user-banning)
+
+---
+
+### 🏢 Day 4: The Tenant Management Family of Plugins
+
+For SaaS and B2B apps, multi-tenancy is often messy.  
+We shipped two plugins to simplify it:
+
+- **Tenant Discovery:** Handles routing users to the right tenant automatically.  
+- **Tenant Self-Management:** Makes tenant setup and maintenance far easier.
+
+**Check them out here:**
+- [Tenant Discovery](https://supertokens.com/docs/authentication/enterprise/tenant-discovery)
+
+---
+
+### 🔍 Day 5: The OpenTelemetry Plugin
+
+Finally, we brought **deep observability** to your auth layer.  
+Our **OpenTelemetry plugin** gives you a behind-the-scenes look at the SuperTokens SDK — allowing you to **trace flows, monitor performance, and debug issues with precision**.
+
+**Check it out here:**
+- [OpenTelemetry Plugin](https://supertokens.com/docs/deployment/telemetry)
+
+---
+
+## Why This Matters
+
+Authentication should be a solved problem.  
+Our goal is to bring **SuperTokens to your stack**, not force your stack to bend around us. These plugins abstract away the boilerplate so you can focus on building what makes your product unique.
+
+This is just the beginning.  
+We’re already working on the next wave of plugins — and we can’t wait to see what you build with them.
+
+---
+
+Thanks for following along with our first Launch Week.  
+We can’t wait to see what you build.