Channels
#general
Title
h
hoffeman
05/19/2022, 6:48 PMhi, Im trying to verify a session by sending a post request to /recipe/session/verify with headers: { "api-key": "key", "cid-version": "2.13", "rid": "session", "content-type": "application/json; charset=utf-8" } and body { "accessToken": "token" } but i keep getting invalid api key. I have checked and restart several times with other keys and made sure they match. Any idea of what i am missing in this call?
r
rp
05/19/2022, 6:50 PMit's cdi-version, not cid-version
Other than that, then only reason to get invalid API key is if you are passing an invalid api key
are you using our managed service or self hosted?
h
hoffeman
05/19/2022, 6:50 PMsorry my mistake, i was using cdi just misspelled here
self-hosted
r
rp
05/19/2022, 6:51 PMcan you remove the API key from the core and query without the api-key header? If that works, we know that the issue is only with the api key that you are sending
h
hoffeman
05/19/2022, 6:51 PMi tried including 3 keys min length 20 char according to the docs
ok, thanks i will try that
r
rp
05/19/2022, 6:51 PMHow have you added those keys in the core? And how are you sending the key in the API request?
h
hoffeman
05/19/2022, 6:51 PMpass env variable to the docker container
r
rp
05/19/2022, 6:52 PMcan I see the value of it?
h
hoffeman
05/19/2022, 6:52 PMsure, now im using:
API_KEYS: oWXsBCohJmnwgCqCdMxUF,dbdhirlvOWSAXfwdMLSAD,fUraxvHNuQeUctIyFHGYr
r
rp
05/19/2022, 6:52 PMhmm. that seems fine
h
hoffeman
05/19/2022, 6:53 PMand the first one for the call
r
rp
05/19/2022, 6:53 PMhmmm.
h
hoffeman
05/19/2022, 6:53 PMill try without keys in a sec
r
rp
05/19/2022, 6:53 PMyup
h
hoffeman
05/19/2022, 6:54 PMhmm now i got Field name 'accessToken' is invalid in JSON input
🙂
const { data } = await axios.post(
'http://supertokens:3567/recipe/session/verify',
{
data: { accessToken: token },
headers: {
'cdi-version': '2.13',
rid: 'session',
'content-type': 'application/json; charset=utf-8',
},
},
);
r
rp
05/19/2022, 6:55 PMtry:
Copy code
const { data } = await axios.post(
'http://supertokens:3567/recipe/session/verify',
{
data: { "accessToken": "token" },
headers: {
'cdi-version': '2.13',
rid: 'session',
'content-type': 'application/json; charset=utf-8',
},
},
);or rather:
Copy code
const { data } = await axios.post(
'http://supertokens:3567/recipe/session/verify',
{
data: JSON.stringify({accessToken: "token" }),
headers: {
'cdi-version': '2.13',
rid: 'session',
'content-type': 'application/json; charset=utf-8',
},
},
);h
hoffeman
05/19/2022, 6:56 PMhehe yes prettier keep removing the " 🙂
r
rp
05/19/2022, 6:56 PMah ok
well at least the api key error didn't show up
can you try it with postman?
h
hoffeman
05/19/2022, 6:57 PMyea thanks will check that
hmm after adding enableAntiCsrf and doAntiCsrfCheck i get a response in postman
r
rp
05/19/2022, 7:04 PMhmm
h
hoffeman
05/19/2022, 7:05 PMi tried using the node-sdk Session.getSession(req, res) but since I am using Websockets i dont have a res-object. It would be nice if this function could be used without the res-object 🙂
r
rp
05/19/2022, 7:05 PMFor websockets, you should not use cookie based session the way we have it
h
hoffeman
05/19/2022, 7:06 PMalright, not secure?
r
rp
05/19/2022, 7:06 PMCheck this out: https://community.supertokens.com/t/427303/With-web-sockets
not that it's not secure, but it's cause cookies are more of a http request thing than a web socket thing
Also, now that the request works without the api-key maybe try to add back just one API key and query via postman using the api-key header
does that work?
h
hoffeman
05/19/2022, 7:07 PMyea but it would be kinda convenient, close the connection if session is not verified 🙂
yes ill try that
r
rp
05/19/2022, 7:08 PM> yea but it would be kinda convenient, close the connection if session is not verified
Yea.. i don't think cookies work with web sockets 😅 ..
But the method explained in the link above also works and is not too difficult to implement
h
hoffeman
05/19/2022, 7:09 PMbut the cookie is sent to my backend so i can use it to verfiy though
r
rp
05/19/2022, 7:09 PMit's sent for the websocket events too?
h
hoffeman
05/19/2022, 7:10 PMworks now with the api-key so it is something with my axios call
yea
pure browser Websocket API
r
rp
05/19/2022, 7:10 PMhmm. that's interesting
i would still not recommend using it. Cause our function is made keeping in mind normal http request / responses + session refreshing won't work as it is with web sockets.
h
hoffeman
05/19/2022, 7:12 PMI only need it on connection, but maybe Ill implement a authentication as the first message sent instead and make sure it is refreshed
but thanks a lot for the help!
r
rp
05/19/2022, 7:14 PMon first connection, do you mean when you create the web socket?
h
hoffeman
05/19/2022, 7:14 PMyes
r
rp
05/19/2022, 7:14 PMah right. that is possible.
I mean in that case, you should have access to the req and res object?
You can just use our verifySession function?
h
hoffeman
05/19/2022, 7:15 PMmaybe, Im using Nestjs and their implementation of gateways do not
perhaps I can get it out somehow
r
rp
05/19/2022, 7:15 PMWe have a guide on nestjs
have you seen that?
h
hoffeman
05/19/2022, 7:15 PMyea
r
rp
05/19/2022, 7:16 PMthat doesn't help?
h
hoffeman
05/19/2022, 7:16 PMit covers the normal http request
but not the socket part unfortunately
but I have dug into if i can get the response object yet
havent
r
rp
05/19/2022, 7:17 PMalright!
feel free to open an issue about this in our node repo if you like. We can have a look
h
hoffeman
05/19/2022, 7:18 PMyes, and if I find a nice solution I can post it as well
r
rp
05/19/2022, 7:18 PMthat would be helpful 🙂 thanks
h
hoffeman
05/19/2022, 7:18 PMyea no problem, and again thanks for the help!
actually, I just passed an empty object {} as response object and it worked 🙂
r
rp
05/19/2022, 7:24 PMhahaha! well..
h
hoffeman
05/19/2022, 7:24 PMshouldve tried that in the first place haha
3 Views