Thank you for your candid feedback. Those reasons were also echoed in our user research as we were dedicating ourselves to the project.
Could you please share why you think those aren't good enough reasons? Of course, social proof is important regardless. SuperTokens is being used in the real world, in production. Would you like to see more people using it or some recognizable enterprise brand names?
It's not the technique that makes me wary - it's that the way it reads is that you've built this because you found the documentation for existing solutions to be too complex which is a massive red flag with regards to anything security related.
Essentially it sounds like "doing security is hard so we did something simpler and ignored the complicated parts we couldn't understand".
As you've explained it above that's clearly not what you meant at all so maybe edit the website to call out a bit more clearly what your reasons are for building this and what other people's complaints are about existing systems? (Maybe in one of those side-by-side feature matrices showing the benefits of your implementation?)
Will definitely check this out when I have some time though!
Actually we offer the most secure way of managing session tokens. We were the first provider to implement token theft detection using rotating refresh tokens (and most still don't). Auth0 even uses one of our libraries for solving for edge cases. I don't think that good security = complex documentation. It's about the way you abstract away the complexity.
Will factor your feedback when we design the website and think about communication.
Please do let me know when you've had a chance to check it out. Would be happy to hear your feedback.