https://supertokens.com/ logo
Join Discord
Powered by
Hi, I integrated a passwordless recipe for my proj...
# support-questions-legacy
m
Hi, I integrated a passwordless recipe for my project(fastAPI) as I used auth/signinup/code and auth/signinup/code/consume it's working fine and receiving user details in the response proper but for cookies, I am getting null instead of an access token. Can anyone explain me Thanks.
r
hey @monster71554
What are the response headers for the consume code API?
m
Copy code
{
  "status": "OK",
  "createdNewUser": false,
  "user": {
    "id": "abc758e1-59af-40c8-9c69-9323ea2e2bbb",
    "time_joined": 1681206319587,
    "email": "{{my_email}}"
  }
}
with status_code 200 ok
r
i mean response headers. Not the response body
m
content-length: 180 content-type: application/json date: Tue,11 Apr 2023 11:11:48 GMT server: uvicorn
are you asking about front-token?
r
did you send something that i missed?
m
Yes, I am getting {date, server, content-length, content-type, front-token, access-control-expose-headers, st-access-token, st-refresh-token} But I am asking about sAccessToken and sRefreshToken
r
Right. So for that, in the request, you need to add the header: “st-auth-mode: cookie”
This will tell the backend to use cookies instead of headers
Our website frontend SDK does this on its own. But if you are using postman, you need to add this header yourself in the request
m
Okay got it, Thank you for your quick answer.
hey there, I have another query, I am getting access-token and refresh-token both but they both are expired I didn't get it As the default expiration time is 1 hour If we haven't customized it.
r
how do you know that they both are expired?
m
I saw expires time and also tested it.
r
can you show me?
m
here is my whole header Headers([('date', 'Tue, 11 Apr 2023 13:14:47 GMT'), ('server', 'uvicorn'), ('content-length', '157'), ('content-type', 'application/json; charset=utf-8'), ('front-token', 'eyJhdGUiOjE2ODEyMjI0ODc2ODYsInVpZCI6ImM4NTg0YzUxLTdmOWMtNDlkYy1iMjcyLTZjODY0MzlkNGE4YSIsInVwIjp7fX0='), ('access-control-expose-headers', 'front-token'), ('set-cookie', 'sAccessToken="eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiNmFmMTkzY2UtODVkZC00YTkwLWFkNTEtMjk0MjJiZGYwYTY4IiwidXNlcklkIjoiYzg1ODRjNTEtN2Y5Yy00OWRjLWIyNzItNmM4NjQzOWQ0YThhIiwicmVmcmVzaFRva2VuSGFzaDEiOiIyMGJkZDFmNjVkYWE3NDIwNDU1ZTRhNzkxMGNkM2UyNzU5MTlhZGI0Y2VlMzlhOWE5MzBhYTY4NTg3MTdkNjMyIiwicGFyZW50UmVmcmVzaFRva2VuSGFzaDEiOm51bGwsInVzZXJEYXRhIjp7fSwiYW50aUNzcmZUb2tlbiI6bnVsbCwiZXhwaXJ5VGltZSI6MTY4MTIyMjQ4NzY4NiwidGltZUNyZWF0ZWQiOjE2ODEyMTg4ODc2ODYsImxtcnQiOjE2ODEyMTg4ODc2ODZ9.eFDfBbmCmPbXzvbdvl0QVCRHPrZ4laCsA9ha0ttOFqpRkYDke/pItOrU2R2ECRohHKwrv1P4KU6xlo76ShM9EkFBDflmiVjE4GxGjilTc2hgDly2bQqXGWWRnMGqO0O67Fd1aKhrU6Uhdg%2BIfXCEkxfKEjBc4J4dmf34kSkwK81OmKg4OYiDveYsI0zr1UlS7wqW1sBj1eiQ7iBSILN8U5Kwqz/pMJw1sj4uajL7%2B7Us4Qn4xwMETE2gb%2BDPLnx38sRpTRnz4Bu2k/3Tg7AEQQu9TxhBfKAVdEGhfSNbePgr7wNP8TxUQyYJa4wpR%2BGJnPa4eqCS8yCN%2Bj4TJLs6yQ%3D%3D"; expires=Thu, 18 Mar 2123 13:14:47 GMT; HttpOnly; Path=/; SameSite=lax'), ('set-cookie', 'sRefreshToken="mY7hCWTxfsfKGj6H6N%2BCV/h7Qnx9R2Espoz7rnUXjeJ5i/TBTSW1abN0vdTRQBjgG6H4fd1LKU%2BRRVrhogMIqBQ22dlaijaiE3ZasMifypAIBbPBOjQX4m6a8ZjdNwKzVPZOPQn4kpizj5xS/o%2BHRUCirRxYf%2BhRpkZ161HW8LKghyTkHmGohHlZXBy3eR7KEhIS47glmTbVc/GMHYXUKT24yd9h/VRWH4L5ucQgliQ2PG8jHJYr1v0ZMA2MPwp064k6W21B6yC09IproT7a.351dc462c5395211158cac09f224b9ac4c74212f6109ae8d89e66506c69b6eb8.V2"; expires=Thu, 20 Jul 2023 13:14:47 GMT; HttpOnly; Path=/auth/session/refresh; SameSite=lax')]) as date time and expires both are the same
r
not really.. the expiry time is 1 hour aheead of the creation time in the access token - as expected
in fact, that access token is still valid
m
when I tested it on a secured endpoint it said try refresh token
r
so can you enable backend debug logs and show me the ouptut of the logs when you call the API that returns the error?
m
wait a min

https://cdn.discordapp.com/attachments/1095304726695907378/1095346128419045476/Screenshot_from_2023-04-11_19-23-24.png

r
can i see your request?
i mean request headers
m
yes it's proper
r
Can you show me all the request headers please?
Are you passing in sIdRefreshToken cookie in the request?
m
yes, @rp_st I passed in sIdRefreshToken cookie in the request as it's used by my other project. and I noticed that we could not send an extra cookie, need to just pass as mentioned in the docs. fixed it Thanks.
r
yes! we have gotten rid of sIdRefreshToken in our recent versions
m
Ahh!! good to hear it
3 Views
PreviousNext
Powered by