session refresh issue

devdev

04/21/2023, 10:11 AM
Hey, I am currently implementing the email password recipe, and it works perfectly locally, but as soon as I deploy it, I get a 401 status on the /auth/session/refresh route

rp

04/21/2023, 10:43 AM
hey @devdev can you enable backend debug logs and show the output when the refresh route is called?

devdev

04/21/2023, 11:32 AM
server  | 2023-04-21T11:32:05.930Z com.supertokens {t: "2023-04-21T11:32:05.930Z", message: "errorHandler: Error is from SuperTokens recipe. Message: Failed to verify access token", file: "/usr/src/app/node_modules/supertokens-node/lib/build/supertokens.js:302:30" sdkVer: "13.4.2"}
server  | 2023-04-21T11:32:05.930Z com.supertokens {t: "2023-04-21T11:32:05.930Z", message: "errorHandler: Checking recipe for match: emailpassword", file: "/usr/src/app/node_modules/supertokens-node/lib/build/supertokens.js:308:34" sdkVer: "13.4.2"}
server  | 
server  | 
server  | 2023-04-21T11:32:05.930Z com.supertokens {t: "2023-04-21T11:32:05.930Z", message: "errorHandler: Checking recipe for match: session", file: "/usr/src/app/node_modules/supertokens-node/lib/build/supertokens.js:308:34" sdkVer: "13.4.2"}
server  | 
server  | 2023-04-21T11:32:05.930Z com.supertokens {t: "2023-04-21T11:32:05.930Z", message: "errorHandler: Matched with recipeID: session", file: "/usr/src/app/node_modules/supertokens-node/lib/build/supertokens.js:312:38" sdkVer: "13.4.2"}
server  | 2023-04-21T11:32:05.930Z com.supertokens {t: "2023-04-21T11:32:05.930Z", message: "errorHandler: returning TRY_REFRESH_TOKEN", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipe.js:149:34" sdkVer: "13.4.2"}
server  | 2023-04-21T11:35:59.366Z com.supertokens {t: "2023-04-21T11:35:59.366Z", message: "refreshSession: UNAUTHORISED because refresh token in request is undefined", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:466:30" sdkVer: "13.4.2"}

rp

04/21/2023, 12:43 PM
So the refresh token is not being sent to the api
What path is it querying? And what is the cookie path for the refresh token? (You can see this in the response headers to the sign in API call.)

devdev

04/21/2023, 2:22 PM
/auth/session/refresh

https://cdn.discordapp.com/attachments/1098913926500073482/1098979385094189166/e5008a89-7192-49ea-8875-d7e8cd4425dd.png

This is what I get when I do document.cookie

rp

04/21/2023, 2:35 PM
Can I see a screenshot of the sign in response headers?

devdev

04/21/2023, 2:58 PM
access-control-allow-credentials: true
access-control-expose-headers: front-token
alt-svc: h3=":443"; ma=2592000
content-length: 247
content-type: application/json; charset=utf-8
date: Fri, 21 Apr 2023 14:25:41 GMT
etag: W/"f7-6UehJ7CxYknpw2PCrVtA9lwsYaI"
front-token: eyJ1aWQiOiI1NTFlYWEyNi0xMDc1LTQyZmMtOGMwMy1jNGMwYjRiMmE5YzQiLCJhdGUiOjE2ODIwODcxNTEyOTksInVwIjp7fX0=
server: Caddy
server: nginx/1.23.4
set-cookie: sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiNjkxODMwY2YtNmJlNy00MzQ0LWI0YzYtODVjMTRhMGY2NDlkIiwidXNlcklkIjoiNTUxZWFhMjYtMTA3NS00MmZjLThjMDMtYzRjMGI0YjJhOWM0IiwicmVmcmVzaFRva2VuSGFzaDEiOiJlMDBiN2QyM2M1NTJiMjkzOTk5OTljOWFkYTM5MjEzNWNkODI3ZWM1ZWE0Nzc2OGI1MTNhMzJiMDlhNTE4NmVkIiwicGFyZW50UmVmcmVzaFRva2VuSGFzaDEiOm51bGwsInVzZXJEYXRhIjp7fSwiYW50aUNzcmZUb2tlbiI6bnVsbCwiZXhwaXJ5VGltZSI6MTY4MjA4NzE1MTI5OSwidGltZUNyZWF0ZWQiOjE2ODIwODcxNDEyOTksImxtcnQiOjE2ODIwODcxNDEyOTl9.WrJfI3jUbvTwRCgv2gtsIn4r9INomZMLrXzozLZczaeKGRiGjb2A2gv87s%2B%2BlZ5e%2BaK%2Fvdt55MjlBUiT%2FXSB6EH0T6PMDZ2tKB40aiu8xPIBzzq29Kf0Vji%2BUQQ6Yx6xSfXnajiV5UsBXXNfKH%2Fsr04MTl%2F2eEduT8NwL03R%2FfQUx8EGzExPWhEqMJzveS7Qmy1GI1r3bqxFAhLFMe0XVXr4atE6YpwOoE%2FOpGV9wk7piuODSnk7I8vciUd03SqpZ%2Fmj9e%2FDENGoVP7HNAqI4qXx%2B%2BRNhmhSHBC7paguhpDsfhkeclKXov3BQ1EmWAd8d20dY%2FIPI%2Bga9gUdRZ%2BoCg%%3D; Path=/; Expires=Sun, 28 Mar 2123 14:25:41 GMT; HttpOnly; SameSite=Lax
set-cookie: sRefreshToken=mO7d8oQBSbgYHXpee92JOdJVXOOi5Ey1m4uA1o5jR3G2EFfghp1cWTg9cI9mpqYuIOX%2FyQGcFCHL9f2H7Zb0h6BSiqmeKVmQs9ZNJe8HgsscP23B%2BaFjsjyKes%2FCCw78jCLvDuhDezht%2FYbEecdn5VCZCENzEVr71wyaKoJNAm%2B0XI%2BdekP0wBc8%2BMS1l6vfkVmivGTz1jnXxj3WY8apX7I9xlYBQPZwQADMLjf2Q9uKUUkiACGtvl1hhmISSPPBhwT5Sg4ORC5SxFiNHi%2BB.1f2fbd2bb9139b1c1f0db1f2aee81f18054e787d0fb8f9e5b17a01c881.V2; Path=/auth/session/refresh; Expires=Sun, 30 Jul 2023 14:25:41 GMT; HttpOnly; SameSite=Lax
vary: Origin
x-powered-by: Express

rp

04/21/2023, 3:34 PM
Can I see a screenshot? Is there any orange warning triangle you see at the end of set-cookie header?

devdev

04/21/2023, 5:10 PM
nope

https://cdn.discordapp.com/attachments/1098913926500073482/1099019234467663902/image.png


rp

04/21/2023, 5:10 PM
and what's the refresh API's path when the frontend tries to do a session refresh?

devdev

04/21/2023, 5:11 PM
v1/auth/session/refresh. v1 is just because of nginx, have set all routes through it

rp

04/21/2023, 5:12 PM
right. So on the backend, in the appInfo config (in supertokens.init), just add apiGatewayPath: "/v1"

devdev

04/21/2023, 5:13 PM
got it
thanks a log
lot

rp

04/21/2023, 5:15 PM
great

devdev

04/21/2023, 5:25 PM
hey now none of the auth routes are working
not found /auth/signup

rp

04/21/2023, 5:26 PM
what's the frontend appInfo setting and what's the backend appInfo setting?

devdev

04/21/2023, 5:28 PM
both baseUrl are set to /v1 /auth

rp

04/21/2023, 5:29 PM
can I see the full config object please?
on both frontend and backend

devdev

04/21/2023, 5:41 PM
appInfo: {
        // learn more about this on https://supertokens.com/docs/session/appinfo
        appName: 'Testapp',
        apiDomain: 'http://lgns.rnarayan.tech/v1',
        websiteDomain: 'http://lgns.rnarayan.tech',
        apiBasePath: '/v1/auth',
        websiteBasePath: '/',
    },
backend ^

rp

04/21/2023, 5:42 PM
right. Change the apiBasePath to /auth, and add apiGatewayPath: /v1
and on the frontend, set apiBasePath: '/v1/auth',

devdev

04/21/2023, 5:43 PM
SuperTokens.init({ appInfo: { apiDomain: 'https://lgns.rnarayan.tech/v1', apiBasePath: '/v1/auth', appName: 'Testapp', },
frontend

rp

04/21/2023, 5:43 PM
frontend is correct

devdev

04/21/2023, 5:54 PM
great! it's working now, thanks