We're almost integrated and back to where we were with auth0, but noticing some strange issue with t...
c
calum7865
03/21/2023, 10:56 AMWe're almost integrated and back to where we were with auth0, but noticing some strange issue with the Supertokens' React package. In the documentation, specifically [this page](https://supertokens.com/docs/thirdparty/pre-built-ui/handling-session-tokens), it says your SDK adds interceptors to fetch and axios to save and add the session tokens from and to the request. However, in our experience this has not been the case and the interceptors only sometimes add the token to the request. This has left us with a massive flaw in our application since some routes (that should) aren't passing the token.
We have installed Supertokens on the backend and frontend as per the 'pre-build ui thirdPartyEmailPassword' documentation and everything has ran very smoothly apart from this snatch. Is there anything in particular we could be missing?
calum7865
03/21/2023, 10:56 AMHere's an example of a request we make to our backend that gets the cookies appended by the supertokens interceptor as expected:
Copy code
>>>> GET /api/v1/auth/users/f57bf866-89cd-41a0-a050-090bb03e0e18 X-Forwarded-Host: localhost:3000
X-Forwarded-Proto: http
X-Forwarded-Port: 3000
X-Forwarded-For: 127.0.0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Cookie: csrftoken=XXXXXXXX; _ga_JQ0QLB8NY7=XXXXXXXX; _ga=XXXXXXX; csrf_token_XXXXXX; sessionid=XXXXXX; st-last-access-token-update=XXXXXX; sAccessToken=XXXXXX; sFrontToken=XXXXXXX
Referer: http://localhost:3000/
Connection: close
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.5
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Host: localhost:5000calum7865
03/21/2023, 10:57 AMAnd another that doesn't get the cookies added:
Copy code
>>>> GET /api/v1/briefs/ Host: 127.0.0.1:5000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://localhost:3000
Referer: http://localhost:3000/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-sitecalum7865
03/21/2023, 10:58 AMOur frontend init looks like this:
Copy code
javascript
SuperTokens.init({
appInfo: {
appName: "p100",
apiDomain: "http://localhost:5000",
websiteDomain: "http://localhost:3000",
apiBasePath: "/api/v1/auth",
websiteBasePath: "/auth"
},
recipeList: [
Session.init(),
EmailVerification.init({
mode: "OPTIONAL",
}),
ThirdPartyEmailPassword.init({
getRedirectionURL: async (context) => {
if (context.action === "SUCCESS") {
if (context.isNewUser) {
return '/onboarding/user';
} else {
if (context.redirectToPath !== undefined)
return context.redirectToPath;
return '/';
}
}
return undefined;
},
signInAndUpFeature: {
providers: [
Google.init(),
]
},
style: supertokensStyle,
resetPasswordUsingTokenFeature: {
enterEmailForm: {
style: suptertokensResetStyle
}
}
}),
]
});calum7865
03/21/2023, 10:59 AMWhat's odd is that even on the first request to our custom endpoint
/api/v1/auth/users/<user_id>rid: anti-csrfr
rp_st
03/21/2023, 10:59 AMSo I think the issue is that the apiDomain set is localhost:5000 in the SDK, but the api domain used when you are querying is 127.0.0.1.
rp_st
03/21/2023, 10:59 AMSo you want to switch to using localhost:5000 when you query your backend and this will enable interception
c
calum7865
03/22/2023, 11:44 AMGreat, that was it! Thanks Rishabh
SuperTokens.com
SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).
Powered by