# support-questions-legacy
g
Hi guys, I'm using supertokens to authenticate a Google Sheets Add On using Google as Third Party Provider. I am unable to get through a CORS Issue which wasn't there before in the application. Only the sign-in api is failing with CORS error. Any help on this?
n
Hi @ggi_d
Can you share the error you get in the browser?
Maybe it has the CORS issue you are facing. If not, then please let us know what the browser console says
g
This is the error in browser
n
The browser console should also print out an error for this
Or you can hover the warning symbol (⚠️ )
g
n
Right, can I see the value of `appInfo` in your backend when you call `SuperTokens.init`?
g
I think this is the correct error :
n
I think you have set the origin to `*` when using the `CORS` middleware
It should be set to the domain of your website (`http://localhost:3000` in this case)
g
I don't think we'll be able to use cookies as our auth method. Google sets a different domain in Origin and Referer every time it makes a request, or if I just include googleusercontent.com, will it work?
n
`https://*.googleusercontent.com` this should work
But when testing with a website running locally this will still give errors, so you may want to allow `http://localhost:3000` during development
g
Yes definitely
I'll try this out
I'm getting this issue now
my dev nginx config
n
You can use the CORS middleware to do this in a much simpler way, refer to the docs here: https://supertokens.com/docs/session/quick-setup/backend#3-add-the-supertokens-apis--cors-setup
g
Thanks, now I'm getting this error
n
Can I see the value of the Set-Cookie header
g
Sure
sRefreshToken=duXb2IiEGCtVful4uW3M8Ho30Z8r9QypsABKk6E9oDAWl5Vk9lkC%2FXfRh85a%2FFu%2B7SFBCYOEfo7ay4JUaRAl4B4weGJJpXVeiQCU2VGfi%2FOE92wZ%2FFNxmeYKziu2ARu5vbBjvsmG5iuNrvcBU4s2EkKvifSDN%2FqTQSVjDvH6kJi5xgcztaAvu3nLa%2FKfDr38w4cZlNP2fVs6iDBjhXuG2tiEba5fZZs%2B%2BeepzW4jOPOFiPltyS48IB%2B4TFWoLp%2FrOPxTck8g.ca05826bdfeab9219e9fe79b23f0d6a2cb44511fc8b2f3715ed118ec32d1a64d.V2; Path=/auth/session/refresh; Expires=Sun, 15 Jan 2023 10:46:37 GMT; HttpOnly; Secure; SameSite=Lax
n
There should be more than one cookie in it
g
Set-Cookie: sRefreshToken=duXb2IiEGCtVful4uW3M8Ho30Z8r9QypsABKk6E9oDAWl5Vk9lkC%2FXfRh85a%2FFu%2B7SFBCYOEfo7ay4JUaRAl4B4weGJJpXVeiQCU2VGfi%2FOE92wZ%2FFNxmeYKziu2ARu5vbBjvsmG5iuNrvcBU4s2EkKvifSDN%2FqTQSVjDvH6kJi5xgcztaAvu3nLa%2FKfDr38w4cZlNP2fVs6iDBjhXuG2tiEba5fZZs%2B%2BeepzW4jOPOFiPltyS48IB%2B4TFWoLp%2FrOPxTck8g.ca05826bdfeab9219e9fe79b23f0d6a2cb44511fc8b2f3715ed118ec32d1a64d.V2; Path=/auth/session/refresh; Expires=Sun, 15 Jan 2023 10:46:37 GMT; HttpOnly; Secure; SameSite=Lax
Set-Cookie: sIdRefreshToken=7247a316-cd00-4155-9a1c-b0a674528f5f; Path=/; Expires=Sun, 15 Jan 2023 10:46:37 GMT; HttpOnly; Secure; SameSite=Lax
Set-Cookie: sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiODRiY2MyZDUtNjA1YS00YzU4LWJiZGYtZmYzNjBiNTAxY2VjIiwidXNlcklkIjoiMkZuUTRFM2g4VFpNVE9pT1hFb25hdDlFZVNSIiwicmVmcmVzaFRva2VuSGFzaDEiOiJlNDBhMGJhYTE1NTYzOWRmNGVjNmMzZDZhOGMzMTY4OWVmYzJhODM3MmUzM2FmZDVhY2Y5YWM0OTVkYWE3MzkyIiwicGFyZW50UmVmcmVzaFRva2VuSGFzaDEiOm51bGwsInVzZXJEYXRhIjp7fSwiYW50aUNzcmZUb2tlbiI6bnVsbCwiZXhwaXJ5VGltZSI6MTY2NTE0MzE5NzM0NSwidGltZUNyZWF0ZWQiOjE2NjUxMzk1OTczNDUsImxtcnQiOjE2NjUxMzk1OTczNDR9.FOoWTUPnG64k7mw2%2Bai8Z0yT9v3t9HJ3lnqhyQ0sv%2F1uokN1FxtWhprh%2BF%2F98Vr9nn4lcYqLqCxloVPH6PB4m6kYtB32txcYpMoU5m%2FuiykS0ckDB7CoHceNn25aUcXARvJh2PanAShGbG4GrLbkPk%2BY%2FmTqNLLJajpK4QnhH0CtyG1uBD0sJGfYMMfX%2FFesnTv%2B79c1jYg0tPmhYmRuzO40XDS9sLzQSjrBX4EXDaPlrlz6zyzdF87FfZHuG47jfetrBduQctDzvgSR3rvf68UbsVXdjOnf4h9gB5%2B9aZb32JLrmo0fqeJRsQhoWX4QYF6gFm7svnClT4Z2583KMA%3D%3D; Path=/; Expires=Fri, 07 Oct 2022 11:46:37 GMT; HttpOnly; Secure; SameSite=Lax
n
What are the values for the api and website domain?
g
api is ishant-app.amigotest.org website is amigotest.org
n
In the screenshot it seems that the same environment variable is used for both
g
oh yes, but is that the cause of this issue?
n
So the website domain needs to match the URL you are making requests from, in this case you would want it to be `localhost:3000`
g
but i want to authenticate requests from different domains as well. for instance, when I'm using the google sheets add on
Set-Cookie: workspace_id=2FnQ4E3h8TZMTOiOXEonat9EeSR; Path=/; Expires=Sat, 07 Oct 2023 10:57:04 GMT; HttpOnly; Secure; SameSite=None
I'm able to set this cookie successfully, anyway I can disable the SameSite attribute of the cookies provided by the supertoken core?
g
is it possible if we could get on a brief call?
n
Sure, I'll send you a link
g
great
n
g
So now I have two tokens on the frontend, Front-Token and Id-Refresh-Token, is front-token the token for bearer auth?
n
Front-Token is the equivalent of access_token, if you enable JWTs with the session recipe the front token will contain the JWT. Since you are doing the frontend parts of it manually you would need to do something along the lines of `Base64Decode(FrontToken).up.jwt`
The `jwt` is what you would use for Bearer tokens
g
oh cool 👍
What parameters are required for apple sign in?
n
After signing in with apple you can get the authorization code from the result and use that to call the signinup API
You don't need `code`
g
On what key?
n
authCodeResponse
g
I'm not getting `accessToken` from apple login
n
Can you share the value of the auth code?
Also try sending the access token as an empty string
and just send the id token
g
I have authorizationCode and identityToken
okay will try empty string
n
Ah right in that case you want the request body to look like
{
  "redirectURI": "...",
  "thirdPartyId": "apple",
  "code": authorizationCode,
}
g
This doesn't work
Trying something else, will let you know
n
What error did you get?
g
err: the client for whom this key is for is different than the one provided
Also I'm unable to find the exact client id on apple dev console
n
Did you generate a service id on the apple dashboard?
https://supertokens.com/docs/thirdparty/quick-setup/backend#3-initialise-social-login-providers The docs have a link to an article to follow for Apple, maybe that helps
g
Yes generated a service id on dashboard. Does supertoken only support the web flow for apple authorisation?
n
No it supports the auth code flow as well
The service id is the client Id
g
I'm getting a 404 when user redirects from the flow to my api/webpage for apple with code in query param. How do I specify the redirect url while initialising the provider?
n
You should be able to pass `AuthorisationRedirect` when initialising apple which lets you specify params
To clarify, this is when you initialise the apple provider as part of initialising SuperTokens in your backend
g
Is params a type from the supertokens library?