https://supertokens.com/
Join Discord
Hi, i'm having an issue in flutter while migrating sessions from firebase auth, the migration works ...
# support-questions-legacy
j
Hi, i'm having an issue in flutter while migrating sessions from firebase auth, the migration works fine, the new session cookie is set, but when navigating to the next page and making an API call, 
SuperTokens.getAccessToken()
returns null. Any ideas on why the session would be lost ?
r
hey @jeffaknine can i see the frontend SDK's supertokens.init?
j
Sure!
Copy code
SuperTokens.init(apiDomain: "http://localhost:3333", apiBasePath: "/auth");
r
so you are using header based auth right? Not cookie based?
j
Well i guess i haven't really looked into that, when doing a normal login it all works fine, when migrating the session i'm getting the issue. Would you like to see the backend implementation ?
r
when you say migrating the session, what do you mean?
j
Copy code
ts
app.post(
    `${env.COME_ON_AUTH_API_BASE_PATH}/migrate-session`,
    async (req, res) => {
        //This route should only be called by the new version of the app if the user is currently logged in with Firebase

        // extract the access token from the request object
        if (req.headers.authorization !== undefined) {
            let access_token = req.headers.authorization.split("Bearer ")[1];

            try {
                // verify the access token and retrieve the old userId
                let decodedToken: CustomClaims = (await verifyFirebaseToken(
                    access_token
                )) as CustomClaims;
                let customUserId =
                    decodedToken["https://hasura.io/jwt/claims"]["x-hasura-user-id"];
                // create a new SuperTokens session using the customUserId
                // the createNewSession function will attach the SuperTokens session tokens to the response object.
                await Passwordless.signInUp({
                    phoneNumber: decodedToken.phone_number,
                    tenantId: "public",
                });
                await Session.createNewSession(
                    req,
                    res,
                    "public",
                    customUserId,
                    getHasuraCustomClaims(customUserId)
                );
                return res
                    .status(200)
                    .send({
                        message: "User successfuly migrated, please login with supertokens",
                    });
            } catch (error) {
                console.log(error);
                return res
                    .status(500)
                    .send({ message: "Couldn't verify firebase token" });
            }
        }
        // handle access_token not present in request
        return res
            .status(500)
            .send({ message: "A jwt is required in the Authorization headers" });
    }
);
What i mean is that our users are currently on firebase auth, and we are migrating to supertokens
r
right i see.
So can you show me the response headers from this APi call?
j
yes but it's too long i can't paste it
is a screenshot enough ?
r
yup
j
Thank you for being so reactive btw
r
this seems fine.
what are the request headers?
j
So, to our backend implementation i showed you above, we're just passing the 
Authorization: Bearer $firebaseToken
r
i would want to see all the headers please./
j
r
and what is the behaviour that you see after the api is called?
@nkshah2 can also help here.
j
it all works well, we get redirected to the app, but then an api call is made which requires a token, and when calling the 
SuperTokens.getAccessToken()
we get 
null
r
if you call 
SuperTokens.getAccessToken()
before the redirection, does it work?
j
yes
r
hmm. What happens if you call this API, and then restart your app (without a redirection). Does the getAccessToken function return the token after app restart?
j
let me try that quickly
so yeah i disabled the redirection, the migrate worked, i have a token, i restarted the app and it showed me the same token
r
is there anything you do during the redirection? Any netowkr call?
j
Yes there are a few network calls that are being done, they all pass succesfully until we get that null response from the 
getAccessToken
I don't want to take too much of your time
I was just wondering if the migrate session we were doing was the correct way, or if there was a step we were missing
r
it is happening correctly
my best guess is that one of the network calls during redirection is somehow causing the session to be revoked
j
is this something that i can check on the backend call ? Or just look at the response headers ?
r
response headers should be fine. If any APi call has front-token: "remove" in the response headers, it means that the frontend will delete all the tokens is has
j
alright thanks i'll look for that
i can't find anything in the headers, i'm doing a request which works and one millisecond later another request which isn't able to get the token
r
tha't very strange. @nkshah2 can help here sometime tomorrow.
j
This is the last request that succeeds
r
does it contain the authorization header?
j
yes the last one does
r
and the response headers of this API call?
j
it's the screenshot i showed you above
r
right. Hmm
Im not sure how this would be happeniong then
Maybe @nkshah2 can help out tomorrow.
j
Alright thanks a lot ! And thanks for making your product open source, it is great and flexible
r
thank you!
btw, why did you want to migrate out of firebase auth>?
j
We've been having issues with their phone login
SMS weren't always received by our users
r
understood! thanks for the info.
j
and Firebase doesn't expose any logs for that
r
Hey @jeffaknine when will you be available tomorrow?
j
Hey @rp_st it seems like it was an issue on our side. Some side effect was logging out the user. Really sorry to have wasted your time
r
no worries!
9 Views
PreviousNext
Powered by

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

Powered by