Channels
#support-questions
Title
e
EdwinN1337
06/29/2022, 9:13 AMhey guys, we are a little lost implementing auth for our capacitor apps (different domains)...
What's the usecase for the cookieHandler?
Copy code
js
supertokens.init({
...frontendConfig().appInfo,
cookieHandler: capacitorCookieHandler,
})r
rp
06/29/2022, 9:14 AMhey @EdwinN1337
e
EdwinN1337
06/29/2022, 9:14 AMhey, misunderstood a concept sry 😉
r
rp
06/29/2022, 9:14 AMWhy didn't the cookie handler method work?
e
EdwinN1337
06/29/2022, 9:26 AMSafari blocks cookies from third party. and our api is one a different domain ...
I've been reading the guide of using localStorage instead of cookies, that points to that specific problem.
r
rp
06/29/2022, 9:26 AMYea. Can you make the API on the same domain, but have a different sub domain?
Or at least route it through an API that's on the same domain or different sub domain?
that would be the best solution for this issue
using localstorage can be done, but it's quite messy
e
EdwinN1337
06/29/2022, 9:29 AMCapacitor apps are served on
http://localhostcapacitor://localhostr
rp
06/29/2022, 9:32 AMSo is the native app being an issue or the webapp part?
e
EdwinN1337
06/29/2022, 9:32 AMnative
webapps = fine, its served on subdomain
r
rp
06/29/2022, 9:33 AMbut in the native app, is it using a webview? Or something else?
e
EdwinN1337
06/29/2022, 9:33 AMit's using webview
r
rp
06/29/2022, 9:33 AMSo the URL that is loaded in the webview is not the subdomain URL?
So as per my understanding, capacitor enables the JS you write to communicate with the native swift / obj-c code. So it should not be using webview at all, and so safari's "bug" should not matter at all
most likely i am wrong here.. cause i have never used capacitor, but just for my understanding
e
EdwinN1337
06/29/2022, 9:38 AMWhat exactly is the cookieHandler doing? parsing the cookie from the response, set is to storage and use it in the fetch interceptor?
r
rp
06/29/2022, 9:39 AMyes. Parsing of the raw set-cookie string, storing it somewhere, and then later on providing it back when needed (during request interception)
e
EdwinN1337
06/29/2022, 9:40 AMright, got it
Okey, well I forgot to put sameSite: none 😉
will try
sameSite: noner
rp
06/29/2022, 9:40 AMright.. but safari has a bug that ignores it. Lol
e
EdwinN1337
06/29/2022, 9:40 AMyeah, it's a huge problem from what i read on forums
r
rp
06/29/2022, 9:41 AMyeaa.. they don't even wanna fix it.. not sure why
e
EdwinN1337
06/29/2022, 9:41 AMhttps://supertokens.com/docs/thirdpartyemailpassword/advanced-customizations/examples/localstorage/about
then i have to follow this i guess
r
rp
06/29/2022, 9:42 AMI think you can try it using the customCookie handler for iOS. maybe there it will work
and if not, then yea.. localstorage method
e
EdwinN1337
06/29/2022, 9:43 AMthen I have to build 2 api's (one for the webapps and one for capacitor) and share the handlers
r
rp
06/29/2022, 9:44 AMuhmm. Not necessarily. You could build your own middleware which checks if the request contains the headers passed from iOS, and then set them as cookies before calling our verifySession function.
And then use this custom middleware in all your APIs instead of using our verifySession middleware
e
EdwinN1337
06/29/2022, 9:45 AMwill do that!
r
rp
06/29/2022, 9:47 AMSort of like what's happening here: https://github.com/supertokens/supertokens-auth-react/blob/master/examples/with-localstorage/api-server.js#L66
I'll update the example app to make it more clean and clear. It's slightly broken at the moment cause of version changes in our SDKs
e
EdwinN1337
06/29/2022, 9:49 AMto bad 😦
401 on safari, rest 200
r
rp
06/29/2022, 9:49 AMoh flip.
and the URL on which the app is loaded is capacitor://localhost?
e
EdwinN1337
06/29/2022, 9:50 AMcorrect
hitting our
https://shop-git-staging.lokalist.vercel.app/api/authr
rp
06/29/2022, 9:50 AMhmm
Let me see about some easy solutions. Will get back
e
EdwinN1337
06/29/2022, 9:55 AMSure thanks!
😄
r
rp
06/29/2022, 10:02 AMIs there anyway to proxy the request through something like
capacitor://localhost/api/*or maybe run a proxy server in the app itself which listens on that path
e
EdwinN1337
06/29/2022, 10:04 AMhttps://capacitorjs.com/docs/config#schema
We could edit
hostnamer
rp
06/29/2022, 10:05 AMright, but the scheme would still be capacitor:// right?
e
EdwinN1337
06/29/2022, 10:05 AMright, also if changing that will cause set of different bugs 😭
r
rp
06/29/2022, 10:05 AMyea.. probably
e
EdwinN1337
06/29/2022, 10:05 AMproxy is not possible i guess? its pure client side / js html css
r
rp
06/29/2022, 10:08 AMwell, let me cleanup the with-localhost app real quick so you can use that as a reference
e
EdwinN1337
06/29/2022, 10:08 AMsuper, thanks for the support
r
rp
06/29/2022, 10:08 AMwe intended to clean it up anyway in the coming 2-3 weeks.. but this is a motivation to do it now.. hehe
e
EdwinN1337
06/29/2022, 10:09 AMyou got a usecase now 😄 glad
r
rp
06/29/2022, 10:09 AMyeaa
i was hoping that this would never be required by anyone.. but well
e
EdwinN1337
06/29/2022, 10:09 AMthere is a native
httpnot sure if that would solve anything, will dive into it
r
Rob Schilder
06/29/2022, 10:32 AMWOOOH
never been so happy to see a 200
r
rp
06/29/2022, 10:32 AMoh awesome! hahah
how did you get it to work?
e
EdwinN1337
06/29/2022, 10:33 AMah, there is an option in capacitor to edit hostname
so now it's
capacitor://lokalist.nlcapacitor://localhost Copy code
js
server: {
hostname: `${DOMAIN}` ,
},r
rp
06/29/2022, 10:33 AMright! did that cause any other issues though?
and also, you can go back to using sameSite lax
e
EdwinN1337
06/29/2022, 10:34 AMproblem is, we cant use web api's that requires secure context
r
rp
06/29/2022, 10:34 AMyea. as the docs says
e
EdwinN1337
06/29/2022, 10:34 AMyea right, but we don't use it 😛
r
rp
06/29/2022, 10:35 AMwell then! fair enough
e
EdwinN1337
06/29/2022, 10:36 AMyeah, thanks anyways! let's move to prod finally (4 apps hehe) 👍
r
rp
06/29/2022, 10:37 AMmaybe you can consider making an example app that uses capacitor, and submit a PR.. clearly it's not very straightforward.
e
EdwinN1337
06/29/2022, 11:42 AMI will do that!
r
rp
06/29/2022, 11:42 AMthanks!
hey! I have cleaned up the example app and it works now: https://github.com/supertokens/supertokens-auth-react/tree/master/examples/with-localstorage
In case you are interested.
e
EdwinN1337
06/29/2022, 4:45 PMSuper thanks! will check it
Havent got the perfect solution yet..., iOS everything works perfect but now android stopped working since it doesn't support custom scheme on webview 😦
r
rp
06/29/2022, 4:48 PMhuh.. so android needs to load on http://?