https://supertokens.com/ logo
sharing the core across same apps
d

Dalai Llama

05/10/2023, 10:05 AM
Hey, I have an app already running with 'email password login' strategy. But we are building a separate app, kind of like a back office for the main app. I was just wondering is it possible to use the same supertokens account to create this back office app? Can there be any issues with such implementation? Also can I use a different strategy for the back office using same account?
r

rp

05/10/2023, 11:31 AM
hey @Dalai Llama You could use the same core across the two apps. But you need to use two different login methods for these apps and also have two different backends (with our backend sdk) for these two apps.
d

Dalai Llama

05/10/2023, 3:56 PM
Hey ok, so I have 2 seaerate backends running. main app is served on port 3000 and back office app on port 4000. Main app is using email password strategy and back office is using passwordless strategy. But when I go to http://localhost:4000/auth/dashboard it says my api key is invalid and I cannot access dashboard. Note that the dashboard is still working fine for main app on port 3000.
r

rp

05/10/2023, 4:02 PM
Is localhost:4000 the backend for the back office app?
d

Dalai Llama

05/10/2023, 4:06 PM
yes
r

rp

05/10/2023, 4:07 PM
are both the apps using the same backend
?
d

Dalai Llama

05/10/2023, 4:10 PM
No the apps have 2 separate backends. Main app runs on nestjs while 2nd app runs on express. They just use the same api credentials.
r

rp

05/10/2023, 4:11 PM
hmm. That's odd. All i can think of is that you double check the api key added to the new backend - maybe there is a typo, or an extra space somewhere?
d

Dalai Llama

05/10/2023, 4:14 PM
Actually I just noticed that if I go to the dashboard of my main app http://localhost:3000/auth/dashboard then I can see the user which was created from the 2nd app (from port 4000). But I still cannot login from the 4000.
So the api key is fine, otherwise it would not have registered new user
r

rp

05/10/2023, 4:14 PM
Yea. Cause they share the same core.
Are you talking about the core api key or the dashboard login api key?
d

Dalai Llama

05/10/2023, 4:17 PM
I have just 1 api key which is used to initialize, I don't know what other api key is there
Ah you mean the api key in the recipe of Dashboard?
I use only 1 key everywhere
r

rp

05/10/2023, 4:20 PM
Right. Does user login via the back office app work?
d

Dalai Llama

05/10/2023, 4:22 PM
See I cannot get into the dashboard

https://cdn.discordapp.com/attachments/1105797689150554195/1105892569747034143/image.png

but if I put port 3000 instead then it works, that is the old main app
r

rp

05/10/2023, 4:22 PM
Are you using env vars for adding the dashboard api key to the backend?
d

Dalai Llama

05/10/2023, 4:23 PM
yes
supertokens.init({
    framework: "express",
    supertokens: {
      connectionURI: process.env.SUPERTOKENS_CONNECTION_URI,
      apiKey: process.env.SUPERTOKENS_API_KEY,
    },
    appInfo: {
      appName: "...",
      apiDomain: process.env.API_DOMAIN,
      websiteDomain: process.env.WEBSITE_DOMAIN,
      apiBasePath: "/auth",
      websiteBasePath: "/auth",
    },
    recipeList: [
      Passwordless.init({
        flowType: "USER_INPUT_CODE",
        contactMethod: "EMAIL",
      }),
      Session.init(),
      Dashboard.init({
        apiKey: process.env.SUPERTOKENS_API_KEY,
      }),
    ],
  });
r

rp

05/10/2023, 4:27 PM
CAn you print out the value of the env variable right before you use it to see if it’s actually the correct thing you are trying to use?
d

Dalai Llama

05/10/2023, 4:29 PM
I tested it out by directly passing the string, but that is not the issue
r

rp

05/10/2023, 4:30 PM
Hmmm. Can I see the api request being made from the browser? And it’s response?
d

Dalai Llama

05/10/2023, 4:35 PM
The screenshot that I gave makes request like this: http://localhost:4000/auth/dashboard/api/key/validate and the api key is in Authorization header after Bearer ... and response is 401
r

rp

05/10/2023, 4:37 PM
can you open an issue about this on our github please along with your set for the new app? We will try and debug this tomorrow.
d

Dalai Llama

05/10/2023, 4:41 PM
ok thanks
b

BradV-RM

05/11/2023, 9:54 AM
Hello, was there a github issue raised for this? I've ran into the same issue where I had the dashboard working fine with an API Key, however I now get a 401 unauthorised call in the browser when trying to validate the key. I'm running a singular backend on port 4000 (I've tried 3000 again but still doesn't work)
r

rp

05/11/2023, 9:55 AM
no issue raised for this. Please raise one along with how to replicate
@nkshah2 tagging you here
n

nkshah2

05/11/2023, 9:57 AM
Oh sorry
b

BradV-RM

05/11/2023, 9:57 AM
sorry, i might have confused things by adding onto yesterday's topic. I'm running one backend, and that backend is using 13.6.0
n

nkshah2

05/11/2023, 9:57 AM
Hey @Dalai Llama Do both backends use the same version of supertokens-node?
d

Dalai Llama

05/11/2023, 10:43 AM
Hey @nkshah2 , no they were using different versions of supertokens-node
r

rp

05/11/2023, 10:43 AM
we found the issue. We are releasing a fix
d

Dalai Llama

05/11/2023, 10:43 AM
oh nice, sorry I didnt get to creating the issue yesterday
r

rp

05/11/2023, 10:43 AM
but you will have to update the backend SDK for the fix.
which also means you will have to update the core since the latest backend SDK depends on the latest core
d

Dalai Llama

05/11/2023, 10:44 AM
Yeah I got the update to the core, so have to update the sdk anyway
r

rp

05/11/2023, 10:44 AM
ah ok
d

Dalai Llama

05/11/2023, 12:31 PM
I have updated all sdks along with the core. Please let me know when this is fixed as I cannot login to the dashboard now with api key.
r

rp

05/11/2023, 12:49 PM
sure.
hey @Dalai Llama - we have fixed the issue. Please update to node SDK version 14.0.1
d

Dalai Llama

05/11/2023, 2:13 PM
thanks!