Good morning!
I have a question about session re...
# support-questions-legacya
Axel
05/10/2023, 6:14 AMGood morning!
I have a question about session refresh and access token. We are seeing an issue that hasn't appeared before. And it happens when we change enviroment from localhost to a hosted backend cluster.
For some reason i get the error "unauthorized" specifically when trying to call supertokens.attemptrefreshsession() in my react native client. But i'm able to get a user id from supertokens.getUser()
r
rp_st
05/10/2023, 6:18 AMhey @Axel can you show the response headers when the sign in API request is made? A chrome screenshot would do.
a
Axel
05/10/2023, 6:18 AMofc!
Axel
05/10/2023, 6:19 AMAxel
05/10/2023, 6:19 AMas you can see the request is almost empty aswell
r
rp_st
05/10/2023, 6:20 AMno i meant the sign in API call. Not refresh API
a
Axel
05/10/2023, 6:20 AMoh, ok!
Axel
05/10/2023, 6:21 AMhtis is the login
Axel
05/10/2023, 6:22 AMthen i hace the consume aswell, which is successfull, but it's much longer since it has the cookie in it
r
rp_st
05/10/2023, 6:22 AMhmm. The response header has no cookies?
a
Axel
05/10/2023, 6:23 AMmaybe the consume endpoint is the one you're lookking for?
Axel
05/10/2023, 6:23 AMr
rp_st
05/10/2023, 6:24 AMwhich versions of the frontend and backend SDKs are you using?
rp_st
05/10/2023, 6:24 AMalong with the SDK names
a
Axel
05/10/2023, 6:24 AMfront end is: "supertokens-react-native": "^3.2.0",
Axel
05/10/2023, 6:24 AMbackend: "supertokens-node": "^12.1.4"
r
rp_st
05/10/2023, 6:37 AMright ok. The combination seems fine
rp_st
05/10/2023, 6:37 AMand when you make an API request to a protected route, what are the request headers?
a
Axel
05/10/2023, 6:40 AMthen we go via hasura, so we apply "x-hasura-company-id", "x-hasura-user-id", and "x-accept-language", otherwise it should be the same. Would you like a screen shot of it?
Axel
05/10/2023, 6:41 AMwe go to a "whoami" endpoint, which checks the session and applies the hasura headers
r
rp_st
05/10/2023, 6:42 AMhmm
a
Axel
05/10/2023, 6:43 AMthe strange thing is as i explained, everything works fine when we have it setup locally on our computers
Axel
05/10/2023, 6:43 AMbut yesterday we got an environment setup on our cluster, and then specifically the refresh doesn't work
Axel
05/10/2023, 6:44 AMand we are a bit out of ideas, so i wanted to check if you could have any idea of where we could continue our debugging
r
rp_st
05/10/2023, 6:45 AMcan you make sure that you have the right versions of the frontend / backend SDK in the new env as well? Cause sometimes if you use
latesta
Axel
05/10/2023, 6:45 AMI can check soon, the backend dev is arriving any minute. And i don't have access to the remote cluster hehe
r
rp_st
05/10/2023, 6:46 AMsure.
rp_st
05/10/2023, 6:46 AM@nkshah2 can help here.
a
Axel
05/10/2023, 6:46 AMthanks alot man! 🥰
Axel
05/10/2023, 6:52 AMdoes the supertokens.getUserId() and supertokens.doessessionexist() just check the asyncstorage? I can't see any api call for the two methods.
r
rp_st
05/10/2023, 6:54 AMcorrect. It only checks the async storage
n
nkshah2
05/10/2023, 6:56 AMHey @Axel,
Whats the config you provide when initialising SuperTokens? (both frontend and backend)
a
Axel
05/10/2023, 6:57 AMok, and i see now that we are not getting any token/cookie applied to any of our api calls.
n
nkshah2
05/10/2023, 7:00 AMAlso in your consume API, could you send the full Set cookie header you receive?
a
Axel
05/10/2023, 7:00 AMthis is the front end init:
export function initSuperTokens() {
SuperTokens.init({
apiDomain: BACKEND_URL,
cookieDomain: SUPERTOKENS_COOKIE_DOMAIN,
});
}
Axel
05/10/2023, 7:01 AMthis is what we initialize the backend with:
SUPERTOKENS_API_DOMAIN : https://engine.dev.se.sto1.cluster.farmo.dev
SUPERTOKENS_API_KEY : undefined
SUPERTOKENS_APP_NAME : Farmo
SUPERTOKENS_CONNECTION_URI : https://auth.dev.se.sto1.cluster.farmo.dev
SUPERTOKENS_COOKIE_DOMAIN : ".farmo.dev"
SUPERTOKENS_DATABASE_HOST : postgres.development.svc.cluster.local
SUPERTOKENS_DATABASE_NAME : supertokens
SUPERTOKENS_DATABASE_PASSWORD : secret
SUPERTOKENS_DATABASE_PORT : 5431
SUPERTOKENS_DATABASE_USERNAME : root
SUPERTOKENS_WEBSITE_DOMAIN : https://engine.dev.se.sto1.cluster.farmo.dev
n
nkshah2
05/10/2023, 7:03 AMAnd this as well
a
Axel
05/10/2023, 7:03 AM Copy code
`
sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiNDk5ODVmYzEtMTc3Zi00NjgwLWI0MzUtYjVlM2JjMzI0ZTMwIiwidXNlcklkIjoiMTk4YWUxODAtZDg5My00YjlkLWJkYzctNDgwOWY4NzBmMTNiIiwicmVmcmVzaFRva2VuSGFzaDEiOiJjM2UxNDUyZjIwZjU3MmQ3MTk2MDYxYzA0OWU4OWE2ODE1Y2NiNmM5OWNiYjc5ZTExMWI2ZWZkYzFmZTdlMmQ1IiwidXNlckRhdGEiOnt9LCJleHBpcnlUaW1lIjoxNjgzNzA4ODEwODgzLCJ0aW1lQ3JlYXRlZCI6MTY4MzcwMTYxMDg4MywibG1ydCI6MTY4MzcwMTYxMDg4M30%3D.D%2BEKDleX70zbfvyyIlsoiz%2Bw1h24BtVtZRFrTlK7Xup4tNp7YtXyG1RsYwX1PMACZOm3GgkhI5XBMnRJWyO7dEjRMcf%2FMpLl3eyHWm8f8k4nCBFc29h1OGMewK7YrzPCjZa%2BvNlMEkGDFSme%2BWqEr%2FPAFVsskyWD2OyEoWaixwT%2F0tnvuzV6JVPVfRjINMfhzSdAK0k%2Fi4sWFo2os%2Fg6670moVIYmi6kFiQ4Snha7%2FrfYxGxNC6uXEHoV8SkxsgnlJU3%2Bz8gKprrBDW04zpQCPy8B1NAliRUhKENeTwzUshdRmAwXSCUV%2FzcMB9raSnn626YUXvDL4Zk5TIJPjayrw%3D%3D; Domain=".farmo.dev"; Path=/; Expires=Wed, 10 May 2023 08:53:30 GMT; HttpOnly; Secure; SameSite=Lax, sRefreshToken=%2B8yp7ogTPxCLXhnmvOU%2BxDDISX1R68NhoPzo%2FgGkIS1N1EWjf3C22euAXY6BqNQl%2FNxaQ7b0LZbLooeTffE702MeGQGiC4KDN1XwXZreZ6%2BS%2F9IvTcuFNChpyzjV0DAfCXn0wMrfe27VPR0H5UKEyfeMZJHExOBwVCIgN%2BJjya8bQWTFoAsT22s5IRmTiWSzjRQA3u8c6xK7RJo7FSeuisVq8AjBfoLhuptE3Im5DXctGZiZo7y%2FG9MQT1MHF6laejaJw7b6JESwCHWKVuPw.be96adaa09137901b730a95da1ea3e6d4bc732e0a776ebb10152d87b40f99d08.V2; Domain=".farmo.dev"; Path=/auth/session/refresh; Expires=Wed, 27 Aug 2025 06:53:30 GMT; HttpOnly; Secure; SameSite=Lax, sIdRefreshToken=636409de-2e7c-4697-aaad-e0366beb6331; Domain=".farmo.dev"; Path=/; Expires=Wed, 27 Aug 2025 06:53:30 GMT; HttpOnly; Secure; SameSite=LaxAxel
05/10/2023, 7:12 AMbtw, i missed mentioning the supertokens instance version we are running the cluster, which is: "docker.io/supertokens/supertokens-postgresql:3.14"
Axel
05/10/2023, 7:15 AMwe started the cluster in debug now and found:
Copy code
"2023-05-10T07:13:40.884Z com.supertokens {t: "2023-05-10T07:13:40.884Z", message: "middleware: Not handling because request path did not start with config path. Request path: /api/users/registration-status", file: "
/usr/src/app/node_modules/supertokens-node/lib/build/supertokens.js:232:30" sdkVer: "12.1.4"}"Axel
05/10/2023, 7:15 AM Copy code
`
2023-05-10T07:13:40.859Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: Started", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:140:26" sdkVer: "12.1.4"}
2023-05-10T07:13:40.859Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: rid in header: true", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:141:26" sdkVer: "12.1.4"}
2023-05-10T07:13:40.859Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: request method: get", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:142:26" sdkVer: "12.1.4"}
2023-05-10T07:13:40.860Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: returning undefined because idRefreshToken is undefined and sessionRequired is false", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:149:34" sdkVer: "12.1.4"}n
nkshah2
05/10/2023, 7:22 AMHey can you confirm one thing, after you call the consume API. Can you call
SuperTokens.doesSessionExist()a
Axel
05/10/2023, 7:24 AMyeah, i've checked, it's true and i can also get a userId()
n
nkshah2
05/10/2023, 7:25 AMThis might be easier to debug on call, if thats alright i can send you a link
a
Axel
05/10/2023, 7:25 AMsure thing!
n
nkshah2
05/10/2023, 7:25 AM31 Views