Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Title
g
ggishant
10/07/2022, 9:35 AMHi guys, I'm using supertokens to authenticate a Google Sheets Add On using Google as Third Party Provider. I am unable to get through a CORS Issue which wasn't there before in the application. Only the sign-in api is failing with CORS error. Any help on this?
n
nkshah2
10/07/2022, 9:36 AMHi @ggishant
Can you share the error you get in the browser?
r
rp
10/07/2022, 9:36 AMMaybe it has the CORS issue you are facing. If not, then please let us know what the browser console says
g
ggishant
10/07/2022, 9:43 AMThis is the error in browswer
n
nkshah2
10/07/2022, 9:43 AMThe browser console should also print out an error for this
Or you can hover the warning symbol (⚠️ )
Right can I see the value of
appInfog
ggishant
10/07/2022, 9:46 AMI think this is the correct error :
n
nkshah2
10/07/2022, 9:48 AMI think you have set the origin to
*CORSIt should be set to the domain of your website (
http://localhost:3000g
ggishant
10/07/2022, 9:52 AMI don't think we'll be able to use cookies as our auth method. Google set a different domain in Origin and Referer everytime it make a rqeuest, or if I just include googleusercontent.com, will it work?
n
nkshah2
10/07/2022, 9:54 AMhttps://*.googleusercontent.comBut when testing with a website running locally this will still give errors, so you may want to allow
http://localhost:3000g
ggishant
10/07/2022, 9:55 AMYes definitely
I'll try this out
I'm getting this issue now
my dev nginx config
n
nkshah2
10/07/2022, 10:34 AMYou can use the CORS middleware to do this in a much simpler way, refer to the docs here: https://supertokens.com/docs/session/quick-setup/backend#3-add-the-supertokens-apis--cors-setup
g
ggishant
10/07/2022, 10:47 AMThanks, now I'm getting this error
n
nkshah2
10/07/2022, 10:48 AMCan I see the value of the Set-Cookie header
g
ggishant
10/07/2022, 10:48 AMSure
sRefreshToken=duXb2IiEGCtVful4uW3M8Ho30Z8r9QypsABKk6E9oDAWl5Vk9lkC%2FXfRh85a%2FFu%2B7SFBCYOEfo7ay4JUaRAl4B4weGJJpXVeiQCU2VGfi%2FOE92wZ%2FFNxmeYKziu2ARu5vbBjvsmG5iuNrvcBU4s2EkKvifSDN%2FqTQSVjDvH6kJi5xgcztaAvu3nLa%2FKfDr38w4cZlNP2fVs6iDBjhXuG2tiEba5fZZs%2B%2BeepzW4jOPOFiPltyS48IB%2B4TFWoLp%2FrOPxTck8g.ca05826bdfeab9219e9fe79b23f0d6a2cb44511fc8b2f3715ed118ec32d1a64d.V2; Path=/auth/session/refresh; Expires=Sun, 15 Jan 2023 10:46:37 GMT; HttpOnly; Secure; SameSite=Laxn
nkshah2
10/07/2022, 10:49 AMThere should be more than one cookie in it
g
ggishant
10/07/2022, 10:51 AMSet-Cookie: sRefreshToken=duXb2IiEGCtVful4uW3M8Ho30Z8r9QypsABKk6E9oDAWl5Vk9lkC%2FXfRh85a%2FFu%2B7SFBCYOEfo7ay4JUaRAl4B4weGJJpXVeiQCU2VGfi%2FOE92wZ%2FFNxmeYKziu2ARu5vbBjvsmG5iuNrvcBU4s2EkKvifSDN%2FqTQSVjDvH6kJi5xgcztaAvu3nLa%2FKfDr38w4cZlNP2fVs6iDBjhXuG2tiEba5fZZs%2B%2BeepzW4jOPOFiPltyS48IB%2B4TFWoLp%2FrOPxTck8g.ca05826bdfeab9219e9fe79b23f0d6a2cb44511fc8b2f3715ed118ec32d1a64d.V2; Path=/auth/session/refresh; Expires=Sun, 15 Jan 2023 10:46:37 GMT; HttpOnly; Secure; SameSite=Lax
Set-Cookie: sIdRefreshToken=7247a316-cd00-4155-9a1c-b0a674528f5f; Path=/; Expires=Sun, 15 Jan 2023 10:46:37 GMT; HttpOnly; Secure; SameSite=Lax
Set-Cookie: sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiODRiY2MyZDUtNjA1YS00YzU4LWJiZGYtZmYzNjBiNTAxY2VjIiwidXNlcklkIjoiMkZuUTRFM2g4VFpNVE9pT1hFb25hdDlFZVNSIiwicmVmcmVzaFRva2VuSGFzaDEiOiJlNDBhMGJhYTE1NTYzOWRmNGVjNmMzZDZhOGMzMTY4OWVmYzJhODM3MmUzM2FmZDVhY2Y5YWM0OTVkYWE3MzkyIiwicGFyZW50UmVmcmVzaFRva2VuSGFzaDEiOm51bGwsInVzZXJEYXRhIjp7fSwiYW50aUNzcmZUb2tlbiI6bnVsbCwiZXhwaXJ5VGltZSI6MTY2NTE0MzE5NzM0NSwidGltZUNyZWF0ZWQiOjE2NjUxMzk1OTczNDUsImxtcnQiOjE2NjUxMzk1OTczNDR9.FOoWTUPnG64k7mw2%2Bai8Z0yT9v3t9HJ3lnqhyQ0sv%2F1uokN1FxtWhprh%2BF%2F98Vr9nn4lcYqLqCxloVPH6PB4m6kYtB32txcYpMoU5m%2FuiykS0ckDB7CoHceNn25aUcXARvJh2PanAShGbG4GrLbkPk%2BY%2FmTqNLLJajpK4QnhH0CtyG1uBD0sJGfYMMfX%2FFesnTv%2B79c1jYg0tPmhYmRuzO40XDS9sLzQSjrBX4EXDaPlrlz6zyzdF87FfZHuG47jfetrBduQctDzvgSR3rvf68UbsVXdjOnf4h9gB5%2B9aZb32JLrmo0fqeJRsQhoWX4QYF6gFm7svnClT4Z2583KMA%3D%3D; Path=/; Expires=Fri, 07 Oct 2022 11:46:37 GMT; HttpOnly; Secure; SameSite=Laxn
nkshah2
10/07/2022, 10:53 AMWhat are the values for the api and website domain?
g
ggishant
10/07/2022, 10:53 AMapi is ishant-app.amigotest.org
website is amigotest.org
n
nkshah2
10/07/2022, 10:54 AMIn the screenshot it seems that the same environment variable is used for both
g
ggishant
10/07/2022, 10:54 AMoh yes, but is that the cause of this issue?
n
nkshah2
10/07/2022, 10:55 AMSo the website domain needs to match the URL you are making requests from, in this case you would want it to be
localhost:3000g
ggishant
10/07/2022, 10:56 AMbut i want to authenticate requests from different domains as well. for instance, when I'm using the google sheets add on
Set-Cookie: workspace_id=2FnQ4E3h8TZMTOiOXEonat9EeSR; Path=/; Expires=Sat, 07 Oct 2023 10:57:04 GMT; HttpOnly; Secure; SameSite=NoneI'm able to set this cookie successfully, anyway I can disable the SameSite attribute of the cookies provided by the supertoken core?
n
nkshah2
10/07/2022, 10:58 AMg
ggishant
10/07/2022, 10:59 AMis it possible if we could get on a brief call?
n
nkshah2
10/07/2022, 11:01 AMSure, ill send you a link
g
ggishant
10/07/2022, 11:01 AMgreat
n
nkshah2
10/07/2022, 11:01 AMg
ggishant
10/07/2022, 11:55 AMSo now I have two tokens on the frontend, Front-Token and Id-Refresh-Token, is front-token the token for bearer auth?
n
nkshah2
10/07/2022, 11:59 AMFront-Token is the equivalent of access_token, if you enable JWTs with the session recipe the front token will contain the JWT. Since you are doing the frontend parts of it manually you would need to do something along the lines of
Base64Decode(FrontToken).up.jwtThe
jwtg
ggishant
10/07/2022, 12:02 PMoh cool 👍
What parameters are required for apple sign in?
n
nkshah2
10/07/2022, 12:20 PMAfter signing in with apple you can get the authorization code from the result and use that to call the signinup API
The full spec is here: https://supertokens.com/docs/fdi#/ThirdParty%20Recipe/signInUp
You dont need
codeg
ggishant
10/07/2022, 12:24 PMOn what key?
n
nkshah2
10/07/2022, 12:24 PMauthCodeResponseg
ggishant
10/07/2022, 12:25 PMI'm not getting
accessTokenn
nkshah2
10/07/2022, 12:25 PMCan you share the value of the auth code?
Also try sending the access token as an empty string
and just send the id token
g
ggishant
10/07/2022, 12:26 PMI have authorizationCode and identityToken
okay will try empty string
n
nkshah2
10/07/2022, 12:27 PMAh right in that case you want the request body to look like
{
"redirectURI": "...",
"thirdPartyId": "apple",
"code": authorizationCode,
}g
ggishant
10/07/2022, 12:29 PMThis doesn't work
Trying something else, will let you know
n
nkshah2
10/07/2022, 12:30 PMWhat error did you get?
g
ggishant
10/07/2022, 12:38 PMerr: the client for whom this key is for is different than the one provided
Also I'm unable to find the exact client id on apple dev console
n
nkshah2
10/07/2022, 12:43 PMDid you generate a service id on the apple dashboard?
https://supertokens.com/docs/thirdparty/quick-setup/backend#3-initialise-social-login-providers
The docs have a link to an article to follow for Apple, maybe that helps
g
ggishant
10/07/2022, 1:12 PMYes generated a service id on dashboard. Does supertoken only support the web flow for apple authorisation?
n
nkshah2
10/07/2022, 1:19 PMNo it supports the auth code flow as well
The service id is the client Id
g
ggishant
10/07/2022, 1:30 PMI'm getting a 404 when user redirects from the flow to my api/webpage for apple with code in query param. How do I specify the redirect url while initialising the provider?
n
nkshah2
10/07/2022, 1:34 PMYou should be able to pass AuthorisationRedirect when initialising apple which lets you specific params
To clarify, this is when you initialise the apple provider as part of initialising SuperTokens in your backend
g
ggishant
10/07/2022, 1:41 PMIs params a type from the supertokens library?
n
nkshah2
10/07/2022, 1:42 PM