Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
session issue
a
Axel Jönsson
05/10/2023, 6:14 AMGood morning!
I have a question about session refresh and access token. We are seeing an issue that hasn't appeared before. And it happens when we change enviroment from localhost to a hosted backend cluster.
For some reason i get the error "unauthorized" specifically when trying to call supertokens.attemptrefreshsession() in my react native client. But i'm able to get a user id from supertokens.getUser()
r
rp
05/10/2023, 6:18 AMhey @Axel Jönsson can you show the response headers when the sign in API request is made? A chrome screenshot would do.
a
Axel Jönsson
05/10/2023, 6:18 AMofc!
https://cdn.discordapp.com/attachments/1105739669494300723/1105740841986830387/Skarmavbild_2023-05-09_kl._20.25.24.png▾
as you can see the request is almost empty aswell
r
rp
05/10/2023, 6:20 AMno i meant the sign in API call. Not refresh API
a
Axel Jönsson
05/10/2023, 6:20 AMoh, ok!
htis is the login
https://cdn.discordapp.com/attachments/1105739669494300723/1105741394162749500/Skarmavbild_2023-05-10_kl._08.21.19.png▾
then i hace the consume aswell, which is successfull, but it's much longer since it has the cookie in it
r
rp
05/10/2023, 6:22 AMhmm. The response header has no cookies?
a
Axel Jönsson
05/10/2023, 6:23 AMmaybe the consume endpoint is the one you're lookking for?
https://cdn.discordapp.com/attachments/1105739669494300723/1105741908195680277/Skarmavbild_2023-05-10_kl._08.23.25.png▾
https://cdn.discordapp.com/attachments/1105739669494300723/1105741996338991104/Skarmavbild_2023-05-10_kl._08.23.52.png▾
r
rp
05/10/2023, 6:24 AMwhich versions of the frontend and backend SDKs are you using?
along with the SDK names
a
Axel Jönsson
05/10/2023, 6:24 AMfront end is: "supertokens-react-native": "^3.2.0",
backend: "supertokens-node": "^12.1.4"
r
rp
05/10/2023, 6:37 AMright ok. The combination seems fine
and when you make an API request to a protected route, what are the request headers?
a
Axel Jönsson
05/10/2023, 6:40 AMthen we go via hasura, so we apply "x-hasura-company-id", "x-hasura-user-id", and "x-accept-language", otherwise it should be the same. Would you like a screen shot of it?
we go to a "whoami" endpoint, which checks the session and applies the hasura headers
r
rp
05/10/2023, 6:42 AMhmm
a
Axel Jönsson
05/10/2023, 6:43 AMthe strange thing is as i explained, everything works fine when we have it setup locally on our computers
but yesterday we got an environment setup on our cluster, and then specifically the refresh doesn't work
and we are a bit out of ideas, so i wanted to check if you could have any idea of where we could continue our debugging
r
rp
05/10/2023, 6:45 AMcan you make sure that you have the right versions of the frontend / backend SDK in the new env as well? Cause sometimes if you use
latesta
Axel Jönsson
05/10/2023, 6:45 AMI can check soon, the backend dev is arriving any minute. And i don't have access to the remote cluster hehe
r
rp
05/10/2023, 6:46 AMsure.
@nkshah2 can help here.
a
Axel Jönsson
05/10/2023, 6:46 AMthanks alot man! 🥰
does the supertokens.getUserId() and supertokens.doessessionexist() just check the asyncstorage? I can't see any api call for the two methods.
r
rp
05/10/2023, 6:54 AMcorrect. It only checks the async storage
n
nkshah2
05/10/2023, 6:56 AMHey @Axel Jönsson,
Whats the config you provide when initialising SuperTokens? (both frontend and backend)
a
Axel Jönsson
05/10/2023, 6:57 AMok, and i see now that we are not getting any token/cookie applied to any of our api calls.
https://cdn.discordapp.com/attachments/1105739669494300723/1105750456904450108/Skarmavbild_2023-05-10_kl._08.56.42.png▾
n
nkshah2
05/10/2023, 7:00 AMAlso in your consume API, could you send the full Set cookie header you receive?
a
Axel Jönsson
05/10/2023, 7:00 AMthis is the front end init:
export function initSuperTokens() {
SuperTokens.init({
apiDomain: BACKEND_URL,
cookieDomain: SUPERTOKENS_COOKIE_DOMAIN,
});
}
this is what we initialize the backend with:
SUPERTOKENS_API_DOMAIN : https://engine.dev.se.sto1.cluster.farmo.dev
SUPERTOKENS_API_KEY : undefined
SUPERTOKENS_APP_NAME : Farmo
SUPERTOKENS_CONNECTION_URI : https://auth.dev.se.sto1.cluster.farmo.dev
SUPERTOKENS_COOKIE_DOMAIN : ".farmo.dev"
SUPERTOKENS_DATABASE_HOST : postgres.development.svc.cluster.local
SUPERTOKENS_DATABASE_NAME : supertokens
SUPERTOKENS_DATABASE_PASSWORD : secret
SUPERTOKENS_DATABASE_PORT : 5431
SUPERTOKENS_DATABASE_USERNAME : root
SUPERTOKENS_WEBSITE_DOMAIN : https://engine.dev.se.sto1.cluster.farmo.dev
n
nkshah2
05/10/2023, 7:03 AMAnd this as well
a
Axel Jönsson
05/10/2023, 7:03 AM`
sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiNDk5ODVmYzEtMTc3Zi00NjgwLWI0MzUtYjVlM2JjMzI0ZTMwIiwidXNlcklkIjoiMTk4YWUxODAtZDg5My00YjlkLWJkYzctNDgwOWY4NzBmMTNiIiwicmVmcmVzaFRva2VuSGFzaDEiOiJjM2UxNDUyZjIwZjU3MmQ3MTk2MDYxYzA0OWU4OWE2ODE1Y2NiNmM5OWNiYjc5ZTExMWI2ZWZkYzFmZTdlMmQ1IiwidXNlckRhdGEiOnt9LCJleHBpcnlUaW1lIjoxNjgzNzA4ODEwODgzLCJ0aW1lQ3JlYXRlZCI6MTY4MzcwMTYxMDg4MywibG1ydCI6MTY4MzcwMTYxMDg4M30%3D.D%2BEKDleX70zbfvyyIlsoiz%2Bw1h24BtVtZRFrTlK7Xup4tNp7YtXyG1RsYwX1PMACZOm3GgkhI5XBMnRJWyO7dEjRMcf%2FMpLl3eyHWm8f8k4nCBFc29h1OGMewK7YrzPCjZa%2BvNlMEkGDFSme%2BWqEr%2FPAFVsskyWD2OyEoWaixwT%2F0tnvuzV6JVPVfRjINMfhzSdAK0k%2Fi4sWFo2os%2Fg6670moVIYmi6kFiQ4Snha7%2FrfYxGxNC6uXEHoV8SkxsgnlJU3%2Bz8gKprrBDW04zpQCPy8B1NAliRUhKENeTwzUshdRmAwXSCUV%2FzcMB9raSnn626YUXvDL4Zk5TIJPjayrw%3D%3D; Domain=".farmo.dev"; Path=/; Expires=Wed, 10 May 2023 08:53:30 GMT; HttpOnly; Secure; SameSite=Lax, sRefreshToken=%2B8yp7ogTPxCLXhnmvOU%2BxDDISX1R68NhoPzo%2FgGkIS1N1EWjf3C22euAXY6BqNQl%2FNxaQ7b0LZbLooeTffE702MeGQGiC4KDN1XwXZreZ6%2BS%2F9IvTcuFNChpyzjV0DAfCXn0wMrfe27VPR0H5UKEyfeMZJHExOBwVCIgN%2BJjya8bQWTFoAsT22s5IRmTiWSzjRQA3u8c6xK7RJo7FSeuisVq8AjBfoLhuptE3Im5DXctGZiZo7y%2FG9MQT1MHF6laejaJw7b6JESwCHWKVuPw.be96adaa09137901b730a95da1ea3e6d4bc732e0a776ebb10152d87b40f99d08.V2; Domain=".farmo.dev"; Path=/auth/session/refresh; Expires=Wed, 27 Aug 2025 06:53:30 GMT; HttpOnly; Secure; SameSite=Lax, sIdRefreshToken=636409de-2e7c-4697-aaad-e0366beb6331; Domain=".farmo.dev"; Path=/; Expires=Wed, 27 Aug 2025 06:53:30 GMT; HttpOnly; Secure; SameSite=Laxbtw, i missed mentioning the supertokens instance version we are running the cluster, which is: "docker.io/supertokens/supertokens-postgresql:3.14"
we started the cluster in debug now and found:
"2023-05-10T07:13:40.884Z com.supertokens {t: "2023-05-10T07:13:40.884Z", message: "middleware: Not handling because request path did not start with config path. Request path: /api/users/registration-status", file: "
/usr/src/app/node_modules/supertokens-node/lib/build/supertokens.js:232:30" sdkVer: "12.1.4"}"`
2023-05-10T07:13:40.859Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: Started", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:140:26" sdkVer: "12.1.4"}
2023-05-10T07:13:40.859Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: rid in header: true", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:141:26" sdkVer: "12.1.4"}
2023-05-10T07:13:40.859Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: request method: get", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:142:26" sdkVer: "12.1.4"}
2023-05-10T07:13:40.860Z com.supertokens {t: "2023-05-10T07:13:40.859Z", message: "getSession: returning undefined because idRefreshToken is undefined and sessionRequired is false", file: "/usr/src/app/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:149:34" sdkVer: "12.1.4"}n
nkshah2
05/10/2023, 7:22 AMHey can you confirm one thing, after you call the consume API. Can you call
SuperTokens.doesSessionExist()a
Axel Jönsson
05/10/2023, 7:24 AMyeah, i've checked, it's true and i can also get a userId()
n
nkshah2
05/10/2023, 7:25 AMThis might be easier to debug on call, if thats alright i can send you a link
a
Axel Jönsson
05/10/2023, 7:25 AMsure thing!
n
nkshah2
05/10/2023, 7:25 AM