I'm not sure... In our case website/iframe domains are different but they're both using https

yes that's in production. However in dev, they will be http correct?

I'm using ngrok for development, so it's https too

oooo! understood.

Will try and fix this today.

@User Can you please do the following and then try to use the iframe and see if it works: - Go to supertokens-website folder inside node_modules - In there, open lib > build > fetch.js - For each of the following lines, add

samesite=none

at the end of the string (before the closing "). For example, if a line is

ID_REFRESH_TOKEN_NAME + "=" + cookieVal + ";expires=" + expires + ";path=/";

, then change it to

ID_REFRESH_TOKEN_NAME + "=" + cookieVal + ";expires=" + expires + ";path=/;samesite=none";

Lines: - https://github.com/supertokens/supertokens-website/blob/master/lib/build/fetch.js#L1138 - https://github.com/supertokens/supertokens-website/blob/master/lib/build/fetch.js#L1141 - https://github.com/supertokens/supertokens-website/blob/master/lib/build/fetch.js#L1221 - https://github.com/supertokens/supertokens-website/blob/master/lib/build/fetch.js#L1224 - https://github.com/supertokens/supertokens-website/blob/master/lib/build/fetch.js#L1318 - https://github.com/supertokens/supertokens-website/blob/master/lib/build/fetch.js#L1321

Also, you may want to set

antiCsrf

value in the backend (Session.init) to

"VIA_TOKEN"

. Since you will be using an iframe.

Yes. I'll get back in a couple of hours with the result of this.

thanks!

@User instead of trying the above, please try the following: - Update your supertokens-auth-react dependency to

supertokens/supertokens-auth-react#0.13

- Delete yarn.lock file, and run

yarn install

. This should install new versions of

supertokens-auth-react

(0.13.0) and

supertokens-website

(7.1.0). - In the frontend config, change

SessionReact.init()

to

SessionReact.init({ isInIframe: true })

. - In backend config, change

SessionNode.init({ cookieSameSite: "none" })

to

SessionNode.init({ cookieSameSite: "none", antiCsrf: "VIA_TOKEN" })

- Try logging in via the iframe, and it should work.

I'm farting about with the supertokens context in react, and i'm finding the variables im getting from useSessionContext() aren't updating when i log in or log out. I am misunderstanding contexts or is this supposed to happen automatically?

@Healsies yea that’s an open issue at the moment. Have you wrapped your entire app with the auth wrapper? Or just individual routes that need auth to be accessed?

If you use them with individual routes that need auth to be accessed, it will work just fine (since logged in status in those routes won’t change).

this is the issue to watch for this feature: https://github.com/supertokens/supertokens-auth-react/issues/228

Thanks for the quick reply! Ill check that out

Great library by the way 💌

Thanks! 🙌

What made you interested if you dont mind me asking? Seems like you joined our Discord a long time ago?

Im an amateur dev. I was trying to learn how JWT's worked and i came across your website and saw the breakdowns (which were awesome), and the library. So i bookmarked for it use next time i had to write an app

After these changes auth stopped working at all. After login it doesn't set any cookies/localstorage and I'm redirected back to login screen

Same even outside iframe

@User the change that was made is that we set the cookie's sameSite to

none

.

which would only be applied if the domain is https

if the domain is https, and cookies are still not being applied, do you see any error in the console explaining why they are not getting set?

First it tries to send a /refresh requests with no cookies (as I'm logged out) which returns 401 - which is fine

message has been deleted

Then it sends /signin request and gets cookies in response

message has been deleted

This also looks right