h

    hoffeman

    4 months ago
    hi, Im trying to verify a session by sending a post request to /recipe/session/verify with headers: { "api-key": "key", "cid-version": "2.13", "rid": "session", "content-type": "application/json; charset=utf-8" } and body { "accessToken": "token" } but i keep getting invalid api key. I have checked and restart several times with other keys and made sure they match. Any idea of what i am missing in this call?
    r

    rp

    4 months ago
    it's cdi-version, not cid-version Other than that, then only reason to get invalid API key is if you are passing an invalid api key
    are you using our managed service or self hosted?
    h

    hoffeman

    4 months ago
    sorry my mistake, i was using cdi just misspelled here
    self-hosted
    r

    rp

    4 months ago
    can you remove the API key from the core and query without the api-key header? If that works, we know that the issue is only with the api key that you are sending
    h

    hoffeman

    4 months ago
    i tried including 3 keys min length 20 char according to the docs
    ok, thanks i will try that
    r

    rp

    4 months ago
    How have you added those keys in the core? And how are you sending the key in the API request?
    h

    hoffeman

    4 months ago
    pass env variable to the docker container
    r

    rp

    4 months ago
    can I see the value of it?
    h

    hoffeman

    4 months ago
    sure, now im using:
    API_KEYS: oWXsBCohJmnwgCqCdMxUF,dbdhirlvOWSAXfwdMLSAD,fUraxvHNuQeUctIyFHGYr
    r

    rp

    4 months ago
    hmm. that seems fine
    h

    hoffeman

    4 months ago
    and the first one for the call
    r

    rp

    4 months ago
    hmmm.
    h

    hoffeman

    4 months ago
    ill try without keys in a sec
    r

    rp

    4 months ago
    yup
    h

    hoffeman

    4 months ago
    hmm now i got Field name 'accessToken' is invalid in JSON input
    🙂
    const { data } = await axios.post( 'http://supertokens:3567/recipe/session/verify', { data: { accessToken: token }, headers: { 'cdi-version': '2.13', rid: 'session', 'content-type': 'application/json; charset=utf-8', }, }, );
    r

    rp

    4 months ago
    try:
    const { data } = await axios.post(
            'http://supertokens:3567/recipe/session/verify',
            {
              data: { "accessToken": "token" },
              headers: {
                'cdi-version': '2.13',
                rid: 'session',
                'content-type': 'application/json; charset=utf-8',
              },
            },
          );
    or rather:
    const { data } = await axios.post(
            'http://supertokens:3567/recipe/session/verify',
            {
              data: JSON.stringify({accessToken: "token" }),
              headers: {
                'cdi-version': '2.13',
                rid: 'session',
                'content-type': 'application/json; charset=utf-8',
              },
            },
          );
    h

    hoffeman

    4 months ago
    hehe yes prettier keep removing the " 🙂
    r

    rp

    4 months ago
    ah ok
    well at least the api key error didn't show up
    can you try it with postman?
    h

    hoffeman

    4 months ago
    yea thanks will check that
    hmm after adding enableAntiCsrf and doAntiCsrfCheck i get a response in postman
    r

    rp

    4 months ago
    hmm
    h

    hoffeman

    4 months ago
    i tried using the node-sdk Session.getSession(req, res) but since I am using Websockets i dont have a res-object. It would be nice if this function could be used without the res-object 🙂
    r

    rp

    4 months ago
    For websockets, you should not use cookie based session the way we have it
    h

    hoffeman

    4 months ago
    alright, not secure?
    r

    rp

    4 months ago
    not that it's not secure, but it's cause cookies are more of a http request thing than a web socket thing
    Also, now that the request works without the api-key maybe try to add back just one API key and query via postman using the api-key header
    does that work?
    h

    hoffeman

    4 months ago
    yea but it would be kinda convenient, close the connection if session is not verified 🙂
    yes ill try that
    r

    rp

    4 months ago
    yea but it would be kinda convenient, close the connection if session is not verified Yea.. i don't think cookies work with web sockets 😅 ..
    But the method explained in the link above also works and is not too difficult to implement
    h

    hoffeman

    4 months ago
    but the cookie is sent to my backend so i can use it to verfiy though
    r

    rp

    4 months ago
    it's sent for the websocket events too?
    h

    hoffeman

    4 months ago
    works now with the api-key so it is something with my axios call
    yea
    pure browser Websocket API
    r

    rp

    4 months ago
    hmm. that's interesting
    i would still not recommend using it. Cause our function is made keeping in mind normal http request / responses + session refreshing won't work as it is with web sockets.
    h

    hoffeman

    4 months ago
    I only need it on connection, but maybe Ill implement a authentication as the first message sent instead and make sure it is refreshed
    but thanks a lot for the help!
    r

    rp

    4 months ago
    on first connection, do you mean when you create the web socket?
    h

    hoffeman

    4 months ago
    yes
    r

    rp

    4 months ago
    ah right. that is possible.
    I mean in that case, you should have access to the req and res object?
    You can just use our verifySession function?
    h

    hoffeman

    4 months ago
    maybe, Im using Nestjs and their implementation of gateways do not
    perhaps I can get it out somehow
    r

    rp

    4 months ago
    We have a guide on nestjs
    have you seen that?
    h

    hoffeman

    4 months ago
    yea
    r

    rp

    4 months ago
    that doesn't help?
    h

    hoffeman

    4 months ago
    it covers the normal http request
    but not the socket part unfortunately
    but I have dug into if i can get the response object yet
    havent
    r

    rp

    4 months ago
    alright!
    feel free to open an issue about this in our node repo if you like. We can have a look
    h

    hoffeman

    4 months ago
    yes, and if I find a nice solution I can post it as well
    r

    rp

    4 months ago
    that would be helpful 🙂 thanks
    h

    hoffeman

    4 months ago
    yea no problem, and again thanks for the help!
    actually, I just passed an empty object {} as response object and it worked 🙂
    r

    rp

    4 months ago
    hahaha! well..
    h

    hoffeman

    4 months ago
    shouldve tried that in the first place haha