Hey usually the signOut flow just simply worked I called two SuperTokens.com #support-questions

Hey, usually the signOut flow just simply worked. ...

TELYA

04/19/2022, 11:47 PM

Hey, usually the signOut flow just simply worked. I called two supertokens function at the frontend side (Next.js)

Copy code

typescript
await EmailPasswordReact.signOut();
await EmailPasswordReact.redirectToAuth({ show: "signin" });

And it cleared all my cookies and redirected to the login page. It was pretty much it, but i noticed, that after i added a change password functionality to my site and after i successfully changed my password the EmailPasswordReact.signOut function call didn't cleared my cookies. I had to delete them manually then after a relogging, it worked just as before. I checked my backend(Nest.js) code and it seems fine

Copy code

typescript
  @Post("/change-password")
  @UseGuards(AuthGuard)
  async changePassword(
    @Session() session: SessionContainer,
    @Body() changePasswordDto: ChangePasswordDto,
    @Res() res: Response
  ) {
    const { currentPassword, newPassword } = changePasswordDto;

    const userId = session.getUserId();
    const userInfo = await EmailPasswordNode.getUserById(userId);

    if (userInfo === undefined) {
      throw new Error("Should never come here");
    }

    const isPasswordValid = await EmailPasswordNode.signIn(userInfo.email, currentPassword);

    if (isPasswordValid.status !== "OK") {
      throw new BadRequestException("Hibás jelenlegi jelszó");
    }

    const response = await EmailPasswordNode.updateEmailOrPassword({
      userId,
      password: newPassword
    }).catch((error) => {
      console.log(error);
      throw new InternalServerErrorException("Váratlan hiba");
    });

    if (response.status !== "OK") {
      throw new InternalServerErrorException("Váratlan hiba");
    }

    await SupertokensSession.revokeAllSessionsForUser(userId);
    await session.revokeSession();

    return res.status(401);
  }

Do you guys have any idea what i did wrong ? Thanks for the answers in advance 🙂

04/20/2022, 3:42 AM

Hey @TELYA

04/20/2022, 3:42 AM

Can you enable debug logging and then call the signOut API and show the logs?

04/20/2022, 3:44 AM

Also, I noticed that you send a 401 on successful password reset above. This means it will trigger the refresh API after the change-password API is called. Is the refresh API being called?

04/20/2022, 3:44 AM

And since you revoke the session, the refresh API should fail and the user should be logged out immediately

04/20/2022, 8:29 AM

You should send back a 200 status code from your API and see if that makes a diff

TELYA

04/20/2022, 9:13 AM

I got solve the problem. And yeah you have right, i don't need the

await EmailPasswordReact.signOut();

and the

await EmailPasswordReact.redirectToAuth({ show: "signin" });

because like you said i only need a 401 unauthorized response back from my backend. The problem was in Nestjs the

return res.status(401);

didn't work so i replaced it to

throw new UnauthorizedException();

and it worked perfectly. I wanna say thanks to your thoughts. It really helped me find out what was wrong 🙂

TELYA

04/20/2022, 10:51 AM

I have one more question relation to this. When the browser got the 401 unauthorized response i will be redirected to the login screen. In the url i see

redirectToPath=%2Fprofile

because i was in profile page. Can i change this somehow, because after password change i login back and got redirected back to the

/profile

page but i would like to go

instead.

04/20/2022, 11:08 AM

Yea. You can run JS on the page to reload the page without that query param

04/20/2022, 11:09 AM

The other way is that when you use the auth wrapper, you can set requireAuth: false, and then it won’t redirect automatically. You will then need to redirect yourself

04/20/2022, 11:09 AM

And when you redirect yourself, you can do so without the redirectToPath query param

TELYA

04/20/2022, 11:22 AM

Cool, thanks 🙂

6 Views

Previous Next