Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
session refresh issue
d
devdev
04/21/2023, 10:11 AMHey , i am currently implementing the email password recipe, and it works perfectly locally, but as soon as i deploy it , i get 401 status on the /auth/session/refresh route
r
rp
04/21/2023, 10:43 AMhey @devdev can you enable backend debug logs and show the output when the refresh route is called?
d
devdev
04/21/2023, 11:32 AMserver | 2023-04-21T11:32:05.930Z com.supertokens {t: "2023-04-21T11:32:05.930Z", message: "errorHandler: Error is from SuperTokens recipe. Message: Failed to verify access token", file: "/usr/src/app/node_modules/supertokens-node/lib/build/supertokens.js:302:30" sdkVer: "13.4.2"}
server | 2023-04-21T11:32:05.930Z com.supertokens {t: "2023-04-21T11:32:05.930Z", message: "errorHandler: Checking recipe for match: emailpassword", file: "/usr/src/app/node_modules/supertokens-node/lib/build/supertokens.js:308:34" sdkVer: "13.4.2"}
server |
server |
server | 2023-04-21T11:32:05.930Z com.supertokens {t: "2023-04-21T11:32:05.930Z", message: "errorHandler: Checking recipe for match: session", file: "/usr/src/app/node_modules/supertokens-node/lib/build/supertokens.js:308:34" sdkVer: "13.4.2"}
server |
server | 2023-04-21T11:32:05.930Z com.supertokens {t: "2023-04-21T11:32:05.930Z", message: "errorHandler: Matched with recipeID: session", file: "/usr/src/app/node_modules/supertokens-node/lib/build/supertokens.js:312:38" sdkVer: "13.4.2"}
server | 2023-04-21T11:32:05.930Z com.supertokens {t: "2023-04-21T11:32:05.930Z", message: "errorHandler: returning TRY_REFRESH_TOKEN", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipe.js:149:34" sdkVer: "13.4.2"}server | 2023-04-21T11:35:59.366Z com.supertokens {t: "2023-04-21T11:35:59.366Z", message: "refreshSession: UNAUTHORISED because refresh token in request is undefined", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:466:30" sdkVer: "13.4.2"}r
rp
04/21/2023, 12:43 PMSo the refresh token is not being sent to the api
What path is it querying? And what is the cookie path for the refresh token (you can see this in the response headers to the sign in api call)
d
devdev
04/21/2023, 2:22 PM/auth/session/refresh
https://cdn.discordapp.com/attachments/1098913926500073482/1098979385094189166/e5008a89-7192-49ea-8875-d7e8cd4425dd.png▾
This is what i get when i do document.cookie
r
rp
04/21/2023, 2:35 PMCan I see a screenshot of the sign in response headers?
d
devdev
04/21/2023, 2:58 PMaccess-control-allow-credentials: true
access-control-expose-headers: front-token
alt-svc: h3=":443"; ma=2592000
content-length: 247
content-type: application/json; charset=utf-8
date: Fri, 21 Apr 2023 14:25:41 GMT
etag: W/"f7-6UehJ7CxYknpw2PCrVtA9lwsYaI"
front-token: eyJ1aWQiOiI1NTFlYWEyNi0xMDc1LTQyZmMtOGMwMy1jNGMwYjRiMmE5YzQiLCJhdGUiOjE2ODIwODcxNTEyOTksInVwIjp7fX0=
server: Caddy
server: nginx/1.23.4
set-cookie: sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiNjkxODMwY2YtNmJlNy00MzQ0LWI0YzYtODVjMTRhMGY2NDlkIiwidXNlcklkIjoiNTUxZWFhMjYtMTA3NS00MmZjLThjMDMtYzRjMGI0YjJhOWM0IiwicmVmcmVzaFRva2VuSGFzaDEiOiJlMDBiN2QyM2M1NTJiMjkzOTk5OTljOWFkYTM5MjEzNWNkODI3ZWM1ZWE0Nzc2OGI1MTNhMzJiMDlhNTE4NmVkIiwicGFyZW50UmVmcmVzaFRva2VuSGFzaDEiOm51bGwsInVzZXJEYXRhIjp7fSwiYW50aUNzcmZUb2tlbiI6bnVsbCwiZXhwaXJ5VGltZSI6MTY4MjA4NzE1MTI5OSwidGltZUNyZWF0ZWQiOjE2ODIwODcxNDEyOTksImxtcnQiOjE2ODIwODcxNDEyOTl9.WrJfI3jUbvTwRCgv2gtsIn4r9INomZMLrXzozLZczaeKGRiGjb2A2gv87s%2B%2BlZ5e%2BaK%2Fvdt55MjlBUiT%2FXSB6EH0T6PMDZ2tKB40aiu8xPIBzzq29Kf0Vji%2BUQQ6Yx6xSfXnajiV5UsBXXNfKH%2Fsr04MTl%2F2eEduT8NwL03R%2FfQUx8EGzExPWhEqMJzveS7Qmy1GI1r3bqxFAhLFMe0XVXr4atE6YpwOoE%2FOpGV9wk7piuODSnk7I8vciUd03SqpZ%2Fmj9e%2FDENGoVP7HNAqI4qXx%2B%2BRNhmhSHBC7paguhpDsfhkeclKXov3BQ1EmWAd8d20dY%2FIPI%2Bga9gUdRZ%2BoCg%%3D; Path=/; Expires=Sun, 28 Mar 2123 14:25:41 GMT; HttpOnly; SameSite=Lax
set-cookie: sRefreshToken=mO7d8oQBSbgYHXpee92JOdJVXOOi5Ey1m4uA1o5jR3G2EFfghp1cWTg9cI9mpqYuIOX%2FyQGcFCHL9f2H7Zb0h6BSiqmeKVmQs9ZNJe8HgsscP23B%2BaFjsjyKes%2FCCw78jCLvDuhDezht%2FYbEecdn5VCZCENzEVr71wyaKoJNAm%2B0XI%2BdekP0wBc8%2BMS1l6vfkVmivGTz1jnXxj3WY8apX7I9xlYBQPZwQADMLjf2Q9uKUUkiACGtvl1hhmISSPPBhwT5Sg4ORC5SxFiNHi%2BB.1f2fbd2bb9139b1c1f0db1f2aee81f18054e787d0fb8f9e5b17a01c881.V2; Path=/auth/session/refresh; Expires=Sun, 30 Jul 2023 14:25:41 GMT; HttpOnly; SameSite=Lax
vary: Origin
x-powered-by: Expressr
rp
04/21/2023, 3:34 PMCan I see a screenshot? Is there any orange warning triangle you see at the end of set-cookie header?
d
devdev
04/21/2023, 5:10 PMnope
https://cdn.discordapp.com/attachments/1098913926500073482/1099019234467663902/image.png▾
r
rp
04/21/2023, 5:10 PMand whats the refresh API's path when the frontend tries to do a session refresh?
d
devdev
04/21/2023, 5:11 PMv1/auth/session/refresh
v1 is just because of nginx , have set all routes through it
r
rp
04/21/2023, 5:12 PMright. So on the backend, in the appInfo config (in supertokens.init), just add apiGatewayPath:
"/v1"d
devdev
04/21/2023, 5:13 PMgot it
thanks a log
lot
r
rp
04/21/2023, 5:15 PMgreat
d
devdev
04/21/2023, 5:25 PMhey now none of the auth routes are working
not found /auth/signup
r
rp
04/21/2023, 5:26 PMwhats the frontend appInfo setting and whats the backend appInfo setting?
d
devdev
04/21/2023, 5:28 PMboth baseUrl are set to /v1 /auth
r
rp
04/21/2023, 5:29 PMcan i see the full config object please?
on both frontend and backend
d
devdev
04/21/2023, 5:41 PMappInfo: {
// learn more about this on https://supertokens.com/docs/session/appinfo
appName: 'Testapp',
apiDomain: 'http://lgns.rnarayan.tech/v1',
websiteDomain: 'http://lgns.rnarayan.tech',
apiBasePath: '/v1/auth',
websiteBasePath: '/',
},backend ^
r
rp
04/21/2023, 5:42 PMright. Change the apiBasePath to
/auth/v1and on the frontend, set
apiBasePath: '/v1/auth',d
devdev
04/21/2023, 5:43 PMSuperTokens.init({
appInfo: {
apiDomain: 'https://lgns.rnarayan.tech/v1',
apiBasePath: '/v1/auth',
appName: 'Testapp',
},
frontent
r
rp
04/21/2023, 5:43 PMfrontend is correct
d
devdev
04/21/2023, 5:54 PMgreat! its working now, thanks