https://supertokens.com/ logo
Join Discord
Powered by
session issue
# support-questions
a
Good morning! I have a question about session refresh and access token. We are seeing an issue that hasn't appeared before. And it happens when we change enviroment from localhost to a hosted backend cluster. For some reason i get the error "unauthorized" specifically when trying to call supertokens.attemptrefreshsession() in my react native client. But i'm able to get a user id from supertokens.getUser()
r
hey @Axel Jönsson can you show the response headers when the sign in API request is made? A chrome screenshot would do.
a
ofc!

https://cdn.discordapp.com/attachments/1105739669494300723/1105740841986830387/Skarmavbild_2023-05-09_kl._20.25.24.png

as you can see the request is almost empty aswell
r
no i meant the sign in API call. Not refresh API
a
oh, ok!
htis is the login

https://cdn.discordapp.com/attachments/1105739669494300723/1105741394162749500/Skarmavbild_2023-05-10_kl._08.21.19.png

then i hace the consume aswell, which is successfull, but it's much longer since it has the cookie in it
r
hmm. The response header has no cookies?
a
maybe the consume endpoint is the one you're lookking for?

https://cdn.discordapp.com/attachments/1105739669494300723/1105741908195680277/Skarmavbild_2023-05-10_kl._08.23.25.png

https://cdn.discordapp.com/attachments/1105739669494300723/1105741996338991104/Skarmavbild_2023-05-10_kl._08.23.52.png

r
which versions of the frontend and backend SDKs are you using?
along with the SDK names
a
front end is: "supertokens-react-native": "^3.2.0",
backend: "supertokens-node": "^12.1.4"
r
right ok. The combination seems fine
and when you make an API request to a protected route, what are the request headers?
a
then we go via hasura, so we apply "x-hasura-company-id", "x-hasura-user-id", and "x-accept-language", otherwise it should be the same. Would you like a screen shot of it?
we go to a "whoami" endpoint, which checks the session and applies the hasura headers
r
hmm
a
the strange thing is as i explained, everything works fine when we have it setup locally on our computers
but yesterday we got an environment setup on our cluster, and then specifically the refresh doesn't work
and we are a bit out of ideas, so i wanted to check if you could have any idea of where we could continue our debugging
r
can you make sure that you have the right versions of the frontend / backend SDK in the new env as well? Cause sometimes if you use 
latest
as a version, it will pick up the latest version as opposed to the intended one.
a
I can check soon, the backend dev is arriving any minute. And i don't have access to the remote cluster hehe
r
sure.
@nkshah2 can help here.
a
thanks alot man! 🥰
does the supertokens.getUserId() and supertokens.doessessionexist() just check the asyncstorage? I can't see any api call for the two methods.
r
correct. It only checks the async storage
n
Hey @Axel Jönsson, Whats the config you provide when initialising SuperTokens? (both frontend and backend)
a
ok, and i see now that we are not getting any token/cookie applied to any of our api calls.

https://cdn.discordapp.com/attachments/1105739669494300723/1105750456904450108/Skarmavbild_2023-05-10_kl._08.56.42.png

n
Also in your consume API, could you send the full Set cookie header you receive?
a
this is the front end init: export function initSuperTokens() { SuperTokens.init({ apiDomain: BACKEND_URL, cookieDomain: SUPERTOKENS_COOKIE_DOMAIN, }); }
this is what we initialize the backend with: SUPERTOKENS_API_DOMAIN : https://engine.dev.se.sto1.cluster.farmo.dev SUPERTOKENS_API_KEY : undefined SUPERTOKENS_APP_NAME : Farmo SUPERTOKENS_CONNECTION_URI : https://auth.dev.se.sto1.cluster.farmo.dev SUPERTOKENS_COOKIE_DOMAIN : ".farmo.dev" SUPERTOKENS_DATABASE_HOST : postgres.development.svc.cluster.local SUPERTOKENS_DATABASE_NAME : supertokens SUPERTOKENS_DATABASE_PASSWORD : secret SUPERTOKENS_DATABASE_PORT : 5431 SUPERTOKENS_DATABASE_USERNAME : root SUPERTOKENS_WEBSITE_DOMAIN : https://engine.dev.se.sto1.cluster.farmo.dev
n
And this as well
a
Copy code
`
sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiNDk5ODVmYzEtMTc3Zi00NjgwLWI0MzUtYjVlM2JjMzI0ZTMwIiwidXNlcklkIjoiMTk4YWUxODAtZDg5My00YjlkLWJkYzctNDgwOWY4NzBmMTNiIiwicmVmcmVzaFRva2VuSGFzaDEiOiJjM2UxNDUyZjIwZjU3MmQ3MTk2MDYxYzA0OWU4OWE2ODE1Y2NiNmM5OWNiYjc5ZTExMWI2ZWZkYzFmZTdlMmQ1IiwidXNlckRhdGEiOnt9LCJleHBpcnlUaW1lIjoxNjgzNzA4ODEwODgzLCJ0aW1lQ3JlYXRlZCI6MTY4MzcwMTYxMDg4MywibG1ydCI6MTY4MzcwMTYxMDg4M30%3D.D%2BEKDleX70zbfvyyIlsoiz%2Bw1h24BtVtZRFrTlK7Xup4tNp7YtXyG1RsYwX1PMACZOm3GgkhI5XBMnRJWyO7dEjRMcf%2FMpLl3eyHWm8f8k4nCBFc29h1OGMewK7YrzPCjZa%2BvNlMEkGDFSme%2BWqEr%2FPAFVsskyWD2OyEoWaixwT%2F0tnvuzV6JVPVfRjINMfhzSdAK0k%2Fi4sWFo2os%2Fg6670moVIYmi6kFiQ4Snha7%2FrfYxGxNC6uXEHoV8SkxsgnlJU3%2Bz8gKprrBDW04zpQCPy8B1NAliRUhKENeTwzUshdRmAwXSCUV%2FzcMB9raSnn626YUXvDL4Zk5TIJPjayrw%3D%3D; Domain=".farmo.dev"; Path=/; Expires=Wed, 10 May 2023 08:53:30 GMT; HttpOnly; Secure; SameSite=Lax, sRefreshToken=%2B8yp7ogTPxCLXhnmvOU%2BxDDISX1R68NhoPzo%2FgGkIS1N1EWjf3C22euAXY6BqNQl%2FNxaQ7b0LZbLooeTffE702MeGQGiC4KDN1XwXZreZ6%2BS%2F9IvTcuFNChpyzjV0DAfCXn0wMrfe27VPR0H5UKEyfeMZJHExOBwVCIgN%2BJjya8bQWTFoAsT22s5IRmTiWSzjRQA3u8c6xK7RJo7FSeuisVq8AjBfoLhuptE3Im5DXctGZiZo7y%2FG9MQT1MHF6laejaJw7b6JESwCHWKVuPw.be96adaa09137901b730a95da1ea3e6d4bc732e0a776ebb10152d87b40f99d08.V2; Domain=".farmo.dev"; Path=/auth/session/refresh; Expires=Wed, 27 Aug 2025 06:53:30 GMT; HttpOnly; Secure; SameSite=Lax, sIdRefreshToken=636409de-2e7c-4697-aaad-e0366beb6331; Domain=".farmo.dev"; Path=/; Expires=Wed, 27 Aug 2025 06:53:30 GMT; HttpOnly; Secure; SameSite=Lax
btw, i missed mentioning the supertokens instance version we are running the cluster, which is: "docker.io/supertokens/supertokens-postgresql:3.14"
we started the cluster in debug now and found:
Copy code
"2023-05-10T07:13:40.884Z com.supertokens {t: "2023-05-10T07:13:40.884Z", message: "middleware: Not handling because request path did not start with config path. Request path: /api/users/registration-status", file: "
/usr/src/app/node_modules/supertokens-node/lib/build/supertokens.js:232:30" sdkVer: "12.1.4"}"
Copy code
`
2023-05-10T07:13:40.859Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: Started", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:140:26" sdkVer: "12.1.4"}
2023-05-10T07:13:40.859Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: rid in header: true", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:141:26" sdkVer: "12.1.4"}
2023-05-10T07:13:40.859Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: request method: get", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:142:26" sdkVer: "12.1.4"}
2023-05-10T07:13:40.860Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: returning undefined because idRefreshToken is undefined and sessionRequired is false", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:149:34" sdkVer: "12.1.4"}
n
Hey can you confirm one thing, after you call the consume API. Can you call 
SuperTokens.doesSessionExist()
and see what it returns?
a
yeah, i've checked, it's true and i can also get a userId()
n
This might be easier to debug on call, if thats alright i can send you a link
a
sure thing!
n
5 Views
PreviousNext
Powered by