https://supertokens.com/ logo
Join Discord
Powered by
We re almost integrated and back to
# support-questions
c
We're almost integrated and back to where we were with auth0, but noticing some strange issue with the Supertokens' React package. In the documentation, specifically [this page](https://supertokens.com/docs/thirdparty/pre-built-ui/handling-session-tokens), it says your SDK adds interceptors to fetch and axios to save and add the session tokens from and to the request. However, in our experience this has not been the case and the interceptors only sometimes add the token to the request. This has left us with a massive flaw in our application since some routes (that should) aren't passing the token. We have installed Supertokens on the backend and frontend as per the 'pre-build ui thirdPartyEmailPassword' documentation and everything has ran very smoothly apart from this snatch. Is there anything in particular we could be missing?
Here's an example of a request we make to our backend that gets the cookies appended by the supertokens interceptor as expected:
Copy code
>>>> GET /api/v1/auth/users/f57bf866-89cd-41a0-a050-090bb03e0e18 X-Forwarded-Host: localhost:3000
X-Forwarded-Proto: http
X-Forwarded-Port: 3000
X-Forwarded-For: 127.0.0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Cookie: csrftoken=XXXXXXXX; _ga_JQ0QLB8NY7=XXXXXXXX; _ga=XXXXXXX; csrf_token_XXXXXX; sessionid=XXXXXX; st-last-access-token-update=XXXXXX; sAccessToken=XXXXXX; sFrontToken=XXXXXXX
Referer: http://localhost:3000/
Connection: close
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.5
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Host: localhost:5000
And another that doesn't get the cookies added:
Copy code
>>>> GET /api/v1/briefs/ Host: 127.0.0.1:5000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://localhost:3000
Referer: http://localhost:3000/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Our frontend init looks like this:
Copy code
javascript
SuperTokens.init({
    appInfo: {
        appName: "p100",
        apiDomain: "http://localhost:5000",
        websiteDomain: "http://localhost:3000",
        apiBasePath: "/api/v1/auth",
        websiteBasePath: "/auth"
    },
    recipeList: [
        Session.init(),
        EmailVerification.init({
            mode: "OPTIONAL",
        }),
        ThirdPartyEmailPassword.init({
            getRedirectionURL: async (context) => {
                if (context.action === "SUCCESS") {
                    if (context.isNewUser) {
                        return '/onboarding/user';
                    } else {
                        if (context.redirectToPath !== undefined)
                            return context.redirectToPath;
                        return '/';
                    }
                }
                return undefined;
            },
            signInAndUpFeature: {
                providers: [
                    Google.init(),
                ]
            },
            style: supertokensStyle,
            resetPasswordUsingTokenFeature: {
                enterEmailForm: {
                    style: suptertokensResetStyle
                }
            }
        }),
    ]
});
What's odd is that even on the first request to our custom endpoint 
/api/v1/auth/users/<user_id>
which has had the cookies added is that supertokens is not adding their custom header 
rid: anti-csrf
r
So I think the issue is that the apiDomain set is localhost:5000 in the SDK, but the api domain used when you are querying is 127.0.0.1.
So you want to switch to using localhost:5000 when you query your backend and this will enable interception
c
Great, that was it! Thanks Rishabh
PreviousNext
Powered by