ggishant

10/07/2022, 9:35 AM
Hi guys, I'm using supertokens to authenticate a Google Sheets Add On using Google as Third Party Provider. I am unable to get through a CORS Issue which wasn't there before in the application. Only the sign-in api is failing with CORS error. Any help on this?

nkshah2

10/07/2022, 9:36 AM
Hi @ggishant
Can you share the error you get in the browser?
Maybe it has the CORS issue you are facing. If not, then please let us know what the browser console says

ggishant

10/07/2022, 9:43 AM
This is the error in browser

nkshah2

10/07/2022, 9:43 AM
The browser console should also print out an error for this
Or you can hover the warning symbol (⚠️)
Right can I see the value of appInfo in your backend when you call SuperTokens.init

ggishant

10/07/2022, 9:46 AM
I think this is the correct error:

nkshah2

10/07/2022, 9:48 AM
I think you have set the origin to * when using the CORS middleware
It should be set to the domain of your website (http://localhost:3000 in this case)

ggishant

10/07/2022, 9:52 AM
I don't think we'll be able to use cookies as our auth method. Google sets a different domain in Origin and Referer every time it makes a request, or if I just include googleusercontent.com, will it work?

nkshah2

10/07/2022, 9:54 AM
https://*.googleusercontent.com this should work
But when testing with a website running locally this will still give errors, so you may want to allow http://localhost:3000 during development

ggishant

10/07/2022, 9:55 AM
Yes definitely
I'll try this out
I'm getting this issue now
my dev nginx config

nkshah2

10/07/2022, 10:34 AM
You can use the CORS middleware to do this in a much simpler way, refer to the docs here: https://supertokens.com/docs/session/quick-setup/backend#3-add-the-supertokens-apis--cors-setup

ggishant

10/07/2022, 10:47 AM
Thanks, now I'm getting this error

nkshah2

10/07/2022, 10:48 AM
Can I see the value of the Set-Cookie header

ggishant

10/07/2022, 10:48 AM
Sure
sRefreshToken=duXb2IiEGCtVful4uW3M8Ho30Z8r9QypsABKk6E9oDAWl5Vk9lkC%2FXfRh85a%2FFu%2B7SFBCYOEfo7ay4JUaRAl4B4weGJJpXVeiQCU2VGfi%2FOE92wZ%2FFNxmeYKziu2ARu5vbBjvsmG5iuNrvcBU4s2EkKvifSDN%2FqTQSVjDvH6kJi5xgcztaAvu3nLa%2FKfDr38w4cZlNP2fVs6iDBjhXuG2tiEba5fZZs%2B%2BeepzW4jOPOFiPltyS48IB%2B4TFWoLp%2FrOPxTck8g.ca05826bdfeab9219e9fe79b23f0d6a2cb44511fc8b2f3715ed118ec32d1a64d.V2; Path=/auth/session/refresh; Expires=Sun, 15 Jan 2023 10:46:37 GMT; HttpOnly; Secure; SameSite=Lax

nkshah2

10/07/2022, 10:49 AM
There should be more than one cookie in it

ggishant

10/07/2022, 10:51 AM
Set-Cookie: sRefreshToken=duXb2IiEGCtVful4uW3M8Ho30Z8r9QypsABKk6E9oDAWl5Vk9lkC%2FXfRh85a%2FFu%2B7SFBCYOEfo7ay4JUaRAl4B4weGJJpXVeiQCU2VGfi%2FOE92wZ%2FFNxmeYKziu2ARu5vbBjvsmG5iuNrvcBU4s2EkKvifSDN%2FqTQSVjDvH6kJi5xgcztaAvu3nLa%2FKfDr38w4cZlNP2fVs6iDBjhXuG2tiEba5fZZs%2B%2BeepzW4jOPOFiPltyS48IB%2B4TFWoLp%2FrOPxTck8g.ca05826bdfeab9219e9fe79b23f0d6a2cb44511fc8b2f3715ed118ec32d1a64d.V2; Path=/auth/session/refresh; Expires=Sun, 15 Jan 2023 10:46:37 GMT; HttpOnly; Secure; SameSite=Lax
Set-Cookie: sIdRefreshToken=7247a316-cd00-4155-9a1c-b0a674528f5f; Path=/; Expires=Sun, 15 Jan 2023 10:46:37 GMT; HttpOnly; Secure; SameSite=Lax
Set-Cookie: sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiODRiY2MyZDUtNjA1YS00YzU4LWJiZGYtZmYzNjBiNTAxY2VjIiwidXNlcklkIjoiMkZuUTRFM2g4VFpNVE9pT1hFb25hdDlFZVNSIiwicmVmcmVzaFRva2VuSGFzaDEiOiJlNDBhMGJhYTE1NTYzOWRmNGVjNmMzZDZhOGMzMTY4OWVmYzJhODM3MmUzM2FmZDVhY2Y5YWM0OTVkYWE3MzkyIiwicGFyZW50UmVmcmVzaFRva2VuSGFzaDEiOm51bGwsInVzZXJEYXRhIjp7fSwiYW50aUNzcmZUb2tlbiI6bnVsbCwiZXhwaXJ5VGltZSI6MTY2NTE0MzE5NzM0NSwidGltZUNyZWF0ZWQiOjE2NjUxMzk1OTczNDUsImxtcnQiOjE2NjUxMzk1OTczNDR9.FOoWTUPnG64k7mw2%2Bai8Z0yT9v3t9HJ3lnqhyQ0sv%2F1uokN1FxtWhprh%2BF%2F98Vr9nn4lcYqLqCxloVPH6PB4m6kYtB32txcYpMoU5m%2FuiykS0ckDB7CoHceNn25aUcXARvJh2PanAShGbG4GrLbkPk%2BY%2FmTqNLLJajpK4QnhH0CtyG1uBD0sJGfYMMfX%2FFesnTv%2B79c1jYg0tPmhYmRuzO40XDS9sLzQSjrBX4EXDaPlrlz6zyzdF87FfZHuG47jfetrBduQctDzvgSR3rvf68UbsVXdjOnf4h9gB5%2B9aZb32JLrmo0fqeJRsQhoWX4QYF6gFm7svnClT4Z2583KMA%3D%3D; Path=/; Expires=Fri, 07 Oct 2022 11:46:37 GMT; HttpOnly; Secure; SameSite=Lax

nkshah2

10/07/2022, 10:53 AM
What are the values for the api and website domain?

ggishant

10/07/2022, 10:53 AM
api is ishant-app.amigotest.org website is amigotest.org

nkshah2

10/07/2022, 10:54 AM
In the screenshot it seems that the same environment variable is used for both

ggishant

10/07/2022, 10:54 AM
oh yes, but is that the cause of this issue?

nkshah2

10/07/2022, 10:55 AM
So the website domain needs to match the URL you are making requests from, in this case you would want it to be localhost:3000

ggishant

10/07/2022, 10:56 AM
But I want to authenticate requests from different domains as well. For instance, when I'm using the Google Sheets add-on
Set-Cookie: workspace_id=2FnQ4E3h8TZMTOiOXEonat9EeSR; Path=/; Expires=Sat, 07 Oct 2023 10:57:04 GMT; HttpOnly; Secure; SameSite=None
I'm able to set this cookie successfully, any way I can disable the SameSite attribute of the cookies provided by the supertoken core?

ggishant

10/07/2022, 10:59 AM
is it possible if we could get on a brief call?

nkshah2

10/07/2022, 11:01 AM
Sure, I'll send you a link

ggishant

10/07/2022, 11:01 AM
great

nkshah2

10/07/2022, 11:01 AM

ggishant

10/07/2022, 11:55 AM
So now I have two tokens on the frontend, Front-Token and Id-Refresh-Token, is front-token the token for bearer auth?

nkshah2

10/07/2022, 11:59 AM
Front-Token is the equivalent of access_token, if you enable JWTs with the session recipe the front token will contain the JWT. Since you are doing the frontend parts of it manually you would need to do something along the lines of
Base64Decode(FrontToken).up.jwt
The jwt is what you would use for Bearer tokens

ggishant

10/07/2022, 12:02 PM
oh cool 👍
What parameters are required for apple sign in?
n

nkshah2

10/07/2022, 12:20 PM
After signing in with apple you can get the authorization code from the result and use that to call the signinup API
You don't need code

ggishant

10/07/2022, 12:24 PM
On what key?

nkshah2

10/07/2022, 12:24 PM
authCodeResponse

ggishant

10/07/2022, 12:25 PM
I'm not getting accessToken from apple login

nkshah2

10/07/2022, 12:25 PM
Can you share the value of the auth code?
Also try sending the access token as an empty string
and just send the id token

ggishant

10/07/2022, 12:26 PM
I have authorizationCode and identityToken
okay will try empty string

nkshah2

10/07/2022, 12:27 PM
Ah right in that case you want the request body to look like
{
  "redirectURI": "...",
  "thirdPartyId": "apple",
  "code": authorizationCode,
}

ggishant

10/07/2022, 12:29 PM
This doesn't work
Trying something else, will let you know

nkshah2

10/07/2022, 12:30 PM
What error did you get?

ggishant

10/07/2022, 12:38 PM
err: the client for whom this key is for is different than the one provided
Also I'm unable to find the exact client id on apple dev console

nkshah2

10/07/2022, 12:43 PM
Did you generate a service id on the apple dashboard?
https://supertokens.com/docs/thirdparty/quick-setup/backend#3-initialise-social-login-providers The docs have a link to an article to follow for Apple, maybe that helps

ggishant

10/07/2022, 1:12 PM
Yes generated a service id on dashboard. Does supertoken only support the web flow for apple authorisation?

nkshah2

10/07/2022, 1:19 PM
No it supports the auth code flow as well
The service id is the client Id

ggishant

10/07/2022, 1:30 PM
I'm getting a 404 when user redirects from the flow to my api/webpage for apple with code in query param. How do I specify the redirect url while initialising the provider?

nkshah2

10/07/2022, 1:34 PM
You should be able to pass AuthorisationRedirect when initialising apple which lets you specify params
To clarify, this is when you initialise the apple provider as part of initialising SuperTokens in your backend

ggishant

10/07/2022, 1:41 PM
Is params a type from the supertokens library?