Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
KeyError 'access_token'
w
Wildson
05/09/2023, 4:21 PMHas anyone had this problem? It happens constantly, but the user just needs to try to login/request again and it works.
https://cdn.discordapp.com/attachments/644849840475602944/1105529958480220180/image.png▾
The error comes in this function:
https://cdn.discordapp.com/attachments/1105529958740279376/1105530719700271274/image.png▾
r
rp
05/09/2023, 4:36 PMhey ! Which social provider are you trying to sign up / in with?
@KShivendu can help here.
w
Wildson
05/09/2023, 5:06 PMHi @rp ,
Google.
r
rp
05/09/2023, 5:08 PMHmm. This means that google isn’t sending you an access token. Which usually implies that the auth code sent to the api is either invalid or as already been used
Are you using a custom ui on the frontend and using reactjs?
w
Wildson
05/09/2023, 5:21 PMNo, I'm using the default for next js
r
rp
05/09/2023, 5:21 PMhmm. Is this replicable reliably ?
w
Wildson
05/09/2023, 5:23 PMI've never been able to replicate it, but it happens to my users, I just know that it's giving an error because of the sentry and because I've already had complaints that sometimes it's necessary to log in several times because it keeps giving an error
r
rp
05/09/2023, 5:24 PMthat's really strange. We haven't had this complaint from anyone until now.
Have you set any custom scope for google sign in?
w
Wildson
05/09/2023, 5:25 PMI got this error 160 times in the last 30 days, but I have no idea what happens
I use this scope "https://www.googleapis.com/auth/userinfo.profile"
r
rp
05/09/2023, 5:28 PMthat seems right
i'll see what we can do to help with this. Give me sometime
w
Wildson
05/09/2023, 6:07 PMI was able to simulate the error by changing the origin of NextCors, after changing the first attempt failed at login, the others proceed without problems:
pages/auth/[[...path].ts
Does this have anything to do with when it's in production?
https://cdn.discordapp.com/attachments/1105529958740279376/1105556677614391326/CleanShot_2023-05-09_at_15.06.292x.png▾
r
rp
05/09/2023, 6:49 PMhmm. So the setting you changed is in your nextjs backend which has little to do with the python backed. So this change should not affect the python backend behaviour
k
KShivendu
05/10/2023, 7:41 AMHi @Wildson that's unexpected. Can you can see the value of
auth_code_responser
rp
05/10/2023, 7:41 AMhow will they see that @KShivendu ? This error is from our SDK.
k
KShivendu
05/10/2023, 7:53 AM@rp iirc, sentry collects variables names and values from the whole call stack when error occurs.
r
rp
05/10/2023, 7:53 AMi see. okay
w
Wildson
05/10/2023, 2:11 PMRaw trace
https://cdn.discordapp.com/attachments/1105529958740279376/1105859665918697595/CleanShot_2023-05-10_at_11.10.17.png▾
Sentry blur variables
https://cdn.discordapp.com/attachments/1105529958740279376/1105859919070113822/CleanShot_2023-05-10_at_11.11.42.png▾
r
rp
05/10/2023, 2:12 PMoh.. we wanted to see the value of auth_code_response
w
Wildson
05/10/2023, 2:40 PMI disabled the filter
https://cdn.discordapp.com/attachments/1105529958740279376/1105867028994203739/CleanShot_2023-05-10_at_11.40.13.png▾
r
rp
05/10/2023, 2:52 PMright. Is the redirectURI in the request correct?
w
Wildson
05/10/2023, 4:02 PMYes
r
rp
05/10/2023, 4:04 PMWhat the value that’s being sent to the backend? And what’s the value that’s set on Google’s dashboard?
w
Wildson
05/10/2023, 4:48 PMI found the problem, at the time of login two signup requests are always being sent, and the token can only be obtained once and the error occurs on the second attempt. This explains why it only happened a few times, as it depended on the time of the two requests, even if the second failed, the user was authenticated with the first request and for him it was "transparent".
Is there some wrong configuration in my NextJS? Even in production two login requests are made.
https://cdn.discordapp.com/attachments/1105529958740279376/1105899090702774373/image.png▾
My frontendConfig:
import Router from "next/router";
import SessionReact from "supertokens-auth-react/recipe/session";
import ThirdPartyEmailPasswordReact from "supertokens-auth-react/recipe/thirdpartyemailpassword";
import { appInfo } from "./appInfo";
import { ptbr } from "./translation";
export const frontendConfig = () => {
return {
languageTranslations: {
translations: {
ptbr,
},
defaultLanguage: "ptbr",
},
appInfo,
recipeList: [
ThirdPartyEmailPasswordReact.init({
style: `
[data-supertokens~=container] {
--palette-background: 51, 51, 51;
--palette-inputBackground: 41, 41, 41;
--palette-inputBorder: 41, 41, 41;
--palette-textTitle: 255, 255, 255;
--palette-textLabel: 255, 255, 255;
--palette-textPrimary: 255, 255, 255;
--palette-error: 173, 46, 46;
--palette-textInput: 169, 169, 169;
--palette-textLink: 169, 169, 169;
--palette-primary: 232, 89, 12;
--palette-primaryBorder: 220, 77, 0;
}
[data-supertokens~=forgotPasswordLink] {
visibility: hidden;
position: absolute;
}
[data-supertokens~=headerSubtitle] {
visibility: hidden;
position: absolute;
}
`,
signInAndUpFeature: {
providers: [ThirdPartyEmailPasswordReact.Google.init()],
},
}),
SessionReact.init(),
],
windowHandler: (oI: any) => {
return {
...oI,
location: {
...oI.location,
setHref: (href: string) => {
Router.push(href);
},
},
};
},
};
};r
rp
05/10/2023, 4:57 PMhmm. So you are using our pre built UI?
w
Wildson
05/10/2023, 4:59 PMYes
https://cdn.discordapp.com/attachments/1105529958740279376/1105901991214985246/CleanShot_2023-05-10_at_13.59.292x.png▾
r
rp
05/10/2023, 5:00 PMHmmm. Can you please open an issue about this? Also stating the react version and your frontend setup?
We can have a look. Cause we do remember fixing this issue before
w
Wildson
05/10/2023, 5:01 PMYes, thanks for the help
r
rp
05/10/2023, 5:01 PMThanks
Also, is this happening in production build as well? Or just dev build?
w
Wildson
05/10/2023, 5:16 PMBoth
r
rp
05/10/2023, 5:17 PMRight ok. We can have a look once you open an issue. Please mention the NextJS version you use as well
w
Wildson
05/10/2023, 5:17 PMr
rp
05/10/2023, 5:17 PMAlso provide the frontend supertokens.init config that you have
Thanks. Btw, are you calling signinup function from our SDK on your own on the frontend?
w
Wildson
05/10/2023, 5:21 PMThis setup?
import { Request, Response } from "express";
import { NextApiRequest, NextApiResponse } from "next";
import NextCors from "nextjs-cors";
import supertokens from "supertokens-node";
import { middleware } from "supertokens-node/framework/express";
import { superTokensNextWrapper } from "supertokens-node/nextjs";
import { backendConfig } from "../../../config/backendConfig";
supertokens.init(backendConfig());
const websiteDomain = process.env.NEXT_PUBLIC_APP_URL || "http://localhost:3000";
export default async function superTokens(req: NextApiRequest & Request, res: NextApiResponse & Response) {
// NOTE: We need CORS only if we are querying the APIs from a different origin
await NextCors(req, res, {
methods: ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"],
origin: websiteDomain,
credentials: true,
allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
});
await superTokensNextWrapper(
async (next) => {
// This is needed for production deployments with Vercel
res.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
await middleware()(req, res, next);
},
req,
res
);
if (!res.writableEnded) {
res.status(404).send("Not found");
}
}I believe your SDK
r
rp
05/10/2023, 5:24 PMno i mean the frontend supertokens.init
w
Wildson
05/10/2023, 5:25 PMWhat location is this? _app? I'm a little confused
r
rp
05/10/2023, 5:26 PMyea. in the _app.tsx, you must be doing supertokens.init from the supertokens-auth-react SDK
i want to know the config provided to supertokens.init
w
Wildson
05/10/2023, 5:26 PM`
if (typeof window !== "undefined") {
SuperTokensReact.init(frontendConfig());
}
function App({ Component, pageProps }: AppProps<{ fromSupertokens: string }>) {
const [opened, setOpened] = useState(false);
const { width } = useViewportSize();
const router = useRouter();
useEffect(() => {
async function doRefresh() {
if (pageProps.fromSupertokens === "needs-refresh") {
if (await Session.attemptRefreshingSession()) {
location.reload();
} else {
redirectToAuth();
}
}
}
doRefresh();
}, [pageProps.fromSupertokens]);
if (pageProps.fromSupertokens === "needs-refresh") {
return null;
}
return (
<>
<Head>
<title>Explorernet</title>
<meta name="viewport" content="minimum-scale=1, initial-scale=1, width=device-width" />
</Head>
<AppProviders>
{router.pathname.startsWith("/auth") && <Component {...pageProps} key={router.asPath} />}
{!router.pathname.startsWith("/auth") && (
<AppShell
fixed
navbarOffsetBreakpoint="sm"
navbar={
width < 769 && width > 0 ? <NavbarMobile opened={opened} setOpened={setOpened} /> : <CustomNavbar />
}
styles={(theme) => ({
main: {
backgroundColor: theme.colorScheme == "dark" ? theme.colors.dark[8] : theme.colors.gray[0],
},
})}
header={width < 769 && width > 0 ? <CustomHeader opened={opened} setOpened={setOpened} /> : undefined}
>
<SessionAuth>
<RouterTransition />
<Component {...pageProps} key={router.asPath} />
</SessionAuth>
</AppShell>
)}
</AppProviders>
</>
);
}
export default App;r
rp
05/10/2023, 5:27 PMyup. The contents of
frontendConfig()w
Wildson
05/10/2023, 5:28 PMfrontendConfig
import Router from "next/router";
import SessionReact from "supertokens-auth-react/recipe/session";
import ThirdPartyEmailPasswordReact from "supertokens-auth-react/recipe/thirdpartyemailpassword";
import { appInfo } from "./appInfo";
import { ptbr } from "./translation";
export const frontendConfig = () => {
return {
languageTranslations: {
translations: {
ptbr,
},
defaultLanguage: "ptbr",
},
appInfo,
recipeList: [
ThirdPartyEmailPasswordReact.init({
style: `
[data-supertokens~=container] {
--palette-background: 51, 51, 51;
--palette-inputBackground: 41, 41, 41;
--palette-inputBorder: 41, 41, 41;
--palette-textTitle: 255, 255, 255;
--palette-textLabel: 255, 255, 255;
--palette-textPrimary: 255, 255, 255;
--palette-error: 173, 46, 46;
--palette-textInput: 169, 169, 169;
--palette-textLink: 169, 169, 169;
--palette-primary: 232, 89, 12;
--palette-primaryBorder: 220, 77, 0;
}
[data-supertokens~=forgotPasswordLink] {
visibility: hidden;
position: absolute;
}
[data-supertokens~=headerSubtitle] {
visibility: hidden;
position: absolute;
}
`,
signInAndUpFeature: {
providers: [ThirdPartyEmailPasswordReact.Google.init()],
},
}),
SessionReact.init(),
],
windowHandler: (oI: any) => {
return {
...oI,
location: {
...oI.location,
setHref: (href: string) => {
Router.push(href);
},
},
};
},
};
};r
rp
05/10/2023, 5:30 PMok this helps. Thanks. I'll add this to the issue as well.
and are you doing any react component override?
w
Wildson
05/10/2023, 5:31 PMNo, the only override I do is in the backend
r
rp
05/10/2023, 5:31 PMok got it. Thanks for the info. We will try and replicate the issue first
w
Wildson
05/10/2023, 5:31 PMOk, thanks
r
rp
05/10/2023, 5:36 PMHey @Wildson the two requests being made - are they both POST requests? Or is one of them OPTIONS?
w
Wildson
05/10/2023, 5:38 PMboth POST
r
rp
05/10/2023, 5:38 PMOkay
w
Wildson
05/10/2023, 5:39 PMSometime both return status 200 🤷🏻♂️
r
rp
05/10/2023, 5:39 PMThat shouldn’t be possible
Can I see the network area screenshot along with the method?
w
Wildson
05/10/2023, 5:40 PMhttps://cdn.discordapp.com/attachments/1105529958740279376/1105912163954065428/CleanShot_2023-05-10_at_14.39.55.png▾
https://cdn.discordapp.com/attachments/1105529958740279376/1105912208828936212/CleanShot_2023-05-10_at_14.40.10.png▾
r
rp
05/10/2023, 5:40 PMCan you show the method as well? So don’t select any one request
w
Wildson
05/10/2023, 5:40 PMhttps://cdn.discordapp.com/attachments/1105529958740279376/1105912379147034694/CleanShot_2023-05-10_at_14.40.49.png▾
This is in production build
r
rp
05/10/2023, 5:41 PMCan you get chrome to show the method as well?
Tagging @porcellus and @Alisher Aituarov here.
w
Wildson
05/10/2023, 5:42 PMhttps://cdn.discordapp.com/attachments/1105529958740279376/1105912760564453486/CleanShot_2023-05-10_at_14.41.25.png▾
It helps?
r
rp
05/10/2023, 5:44 PMAnd the second request one as well please
w
Wildson
05/10/2023, 5:45 PMhttps://cdn.discordapp.com/attachments/1105529958740279376/1105913474451775579/CleanShot_2023-05-10_at_14.44.28.png▾
r
rp
05/10/2023, 5:45 PMHmm. This seems very strange. I’m not sure how google allows using the same auth code twice. Very odd!
We will try and replicate it
w
Wildson
05/10/2023, 5:48 PMMaybe as it is very fast/the same time for both is possible, I put a delay between one or the other and I could not replicate
r
rp
05/10/2023, 5:49 PMHow did you put a delay?
w
Wildson
05/10/2023, 5:50 PMrandom.randint(1, 5)
In my backend
r
rp
05/10/2023, 5:50 PMwhere on the backend?
w
Wildson
05/10/2023, 5:50 PMDjango, i will send to you
r
rp
05/10/2023, 5:52 PMRight ok. Makes sense. Thanks for the info
p
porcellus
05/10/2023, 9:56 PMI see nothing out of ordinary in the frontend code, and trying this with the same versions I could not replicate the issue.
Is there anything else that could help me get the same error? Or maybe any code/repo I could look at?
I'll try replicating it again, but any help/further info would be greatly appreciated 🙂
w
Wildson
05/11/2023, 12:14 PMLater I will try to simulate with a public repository, what I noticed is that only with the social login (Google and GitHub) this duplication happens, with email and password only one request is sent