Hi sorry if this is stupid question, Im new to auth, is it normal for the refreshtoken not being sto...

1wei_

02/20/2024, 5:14 PM

Hi sorry if this is stupid question, Im new to auth, is it normal for the refreshtoken not being stored in the Storage? My frontend sdk is set up based on the docs however so far I only see sAccessToken. my backend has the logs that it was all set up though

Copy code

2024-02-21 01:09:25 [DEBUG] [cookie_and_header] - {"t": "2024-02-20T17:09:25.666Z", "sdkVer": "0.17.0", "message": "Setting access token as cookie", "file": "recipe/session/cookie_and_header.py:267"}
com.supertokens {"t": "2024-02-20T17:09:25.666Z", "sdkVer": "0.17.0", "message": "Setting refresh token as cookie", "file": "recipe/session/cookie_and_header.py:267"}

2024-02-21 01:09:25 [DEBUG] [cookie_and_header] - {"t": "2024-02-20T17:09:25.666Z", "sdkVer": "0.17.0", "message": "Setting refresh token as cookie", "file": "recipe/session/cookie_and_header.py:267"}
2024-02-21 01:09:25 [INFO] [_internal] - 127.0.0.1 - - [21/Feb/2024 01:09:25] "POST /auth/signin HTTP/1.1" 200 -

rp_st

02/21/2024, 5:11 AM

hey @1wei_ it is stored in the cookie store just like the access token, but chrome doesn't show it unless you visit the /auth/session/refresh path. Just a chrome UI thing

1wei_

02/21/2024, 7:49 AM

Hihi I checked on the postman and yep its there. Just wondering why there is 2 refreshtoken with one false httponly

rp_st

02/21/2024, 8:10 AM

thats unexpected.

rp_st

02/21/2024, 8:11 AM

the path of the one that has

is not set by us. So not sure how that ended up in postman

1wei_

02/21/2024, 11:19 AM

Ohh hmm i have a pressing issue is that The cookies werent attached on the headers -> do i need to do it manually? Also my backend verify session cannot detect my session in the frontend even though my browser had accesstoken stored

1wei_

02/21/2024, 11:20 AM

So what may be the problem? Other than setting session.init() is there any other thing i need to do to set up the session on frontend? I already have sign in and out which add token and remove token

1wei_

02/21/2024, 11:20 AM

Im using react and use supertoken web js for custom ui

rp_st

02/21/2024, 11:39 AM

you dont have to add tokens manually

rp_st

02/21/2024, 11:40 AM

what are the response headers from the sign in API? (please show screenshot as seen on chrome)

1wei_

02/21/2024, 12:06 PM

1wei_

02/21/2024, 12:08 PM

and the refresh token the problem is verify_session does not receive any cookies i have verify session under one of my api (/cafe) so when this particular api is called, it keeps showing unauthorised

rp_st

02/21/2024, 4:12 PM

what is the request headers for the API you are calling that returns a 401?

1wei_

02/22/2024, 7:52 AM

here is the header, it doesnt have the cookie.

1wei_

02/22/2024, 7:52 AM

so i was wondering do I need to manually add it?

1wei_

02/22/2024, 7:53 AM

the sdk should intercept right but it seems like its not

1wei_

02/22/2024, 7:53 AM

i put this in my index.js

Copy code

SuperTokens.init({
  appInfo: {
    apiDomain: "http://localhost:5000",
    apiBasePath: "/auth",
    appName: "My Web API",
    websiteDomain: "http://localhost:3000"
  },
  recipeList: [EmailPassword.init(), Session.init()]
});

rp_st

02/22/2024, 4:55 PM

whats the URL you are querying in the above screenshot? Is it http://localhost:5000?

1wei_

02/23/2024, 2:44 AM

I realise 127.0.0.1 is different from localhost thanks a lot! I fixed my teams' env and it works now.

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).