hi, Im trying to verify a session by sending a pos...
# general
h
hi, I'm trying to verify a session by sending a post request to /recipe/session/verify with headers: { "api-key": "key", "cid-version": "2.13", "rid": "session", "content-type": "application/json; charset=utf-8" } and body { "accessToken": "token" } but I keep getting invalid api key. I have checked and restarted several times with other keys and made sure they match. Any idea of what I am missing in this call?
r
it's cdi-version, not cid-version. Other than that, the only reason to get invalid API key is if you are passing an invalid api key
are you using our managed service or self hosted?
h
sorry my mistake, i was using cdi just misspelled here
self-hosted
r
can you remove the API key from the core and query without the api-key header? If that works, we know that the issue is only with the api key that you are sending
h
i tried including 3 keys min length 20 char according to the docs
ok, thanks i will try that
r
How have you added those keys in the core? And how are you sending the key in the API request?
h
pass env variable to the docker container
r
can I see the value of it?
h
sure, now im using:
API_KEYS: oWXsBCohJmnwgCqCdMxUF,dbdhirlvOWSAXfwdMLSAD,fUraxvHNuQeUctIyFHGYr
r
hmm. that seems fine
h
and the first one for the call
r
hmmm.
h
ill try without keys in a sec
r
yup
h
hmm now i got Field name 'accessToken' is invalid in JSON input
🙂
const { data } = await axios.post(
        'http://supertokens:3567/recipe/session/verify',
        {
          data: { accessToken: token },
          headers: {
            'cdi-version': '2.13',
            rid: 'session',
            'content-type': 'application/json; charset=utf-8',
          },
        },
      );
r
try:
const { data } = await axios.post(
        'http://supertokens:3567/recipe/session/verify',
        {
          data: { "accessToken": "token" },
          headers: {
            'cdi-version': '2.13',
            rid: 'session',
            'content-type': 'application/json; charset=utf-8',
          },
        },
      );
or rather:
const { data } = await axios.post(
        'http://supertokens:3567/recipe/session/verify',
        {
          data: JSON.stringify({accessToken: "token" }),
          headers: {
            'cdi-version': '2.13',
            rid: 'session',
            'content-type': 'application/json; charset=utf-8',
          },
        },
      );
h
hehe yes prettier keeps removing the " 🙂
r
ah ok
well at least the api key error didn't show up
can you try it with postman?
h
yea thanks will check that
hmm after adding enableAntiCsrf and doAntiCsrfCheck i get a response in postman
r
hmm
h
I tried using the node-sdk Session.getSession(req, res) but since I am using Websockets I don't have a res-object. It would be nice if this function could be used without the res-object 🙂
r
For websockets, you should not use cookie based session the way we have it
h
alright, not secure?
r
not that it's not secure, but it's cause cookies are more of a http request thing than a web socket thing
Also, now that the request works without the api-key maybe try to add back just one API key and query via postman using the api-key header
does that work?
h
yea but it would be kinda convenient, close the connection if session is not verified 🙂
yes ill try that
r
> yea but it would be kinda convenient, close the connection if session is not verified
Yea.. i don't think cookies work with web sockets 😅 ..
But the method explained in the link above also works and is not too difficult to implement
h
but the cookie is sent to my backend so i can use it to verify though
r
it's sent for the websocket events too?
h
works now with the api-key so it is something with my axios call
yea
pure browser Websocket API
r
hmm. that's interesting
i would still not recommend using it. Cause our function is made keeping in mind normal http request / responses + session refreshing won't work as it is with web sockets.
h
I only need it on connection, but maybe I'll implement an authentication as the first message sent instead and make sure it is refreshed
but thanks a lot for the help!
r
on first connection, do you mean when you create the web socket?
h
yes
r
ah right. that is possible.
I mean in that case, you should have access to the req and res object?
You can just use our verifySession function?
h
maybe, I'm using Nestjs and their implementation of gateways do not
perhaps I can get it out somehow
r
We have a guide on nestjs
have you seen that?
h
yea
r
that doesn't help?
h
it covers the normal http request
but not the socket part unfortunately
but I have dug into if i can get the response object yet
havent
r
alright!
feel free to open an issue about this in our node repo if you like. We can have a look
h
yes, and if I find a nice solution I can post it as well
r
that would be helpful 🙂 thanks
h
yea no problem, and again thanks for the help!
actually, I just passed an empty object {} as response object and it worked 🙂
r
hahaha! well..
h
shouldve tried that in the first place haha