EdwinN1337

06/29/2022, 9:13 AM
hey guys, we are a little lost implementing auth for our capacitor apps (different domains)... What's the use case for the cookieHandler?
```js
supertokens.init({
  ...frontendConfig().appInfo,
  cookieHandler: capacitorCookieHandler,
})
```
We are following this guide now, since our implementation didn't work as expected (due to lax cookies & safari webkit issue): https://supertokens.com/docs/thirdpartyemailpassword/advanced-customizations/examples/localstorage/about

rp

06/29/2022, 9:14 AM
hey @EdwinN1337

EdwinN1337

06/29/2022, 9:14 AM
hey, misunderstood a concept sry 😉

rp

06/29/2022, 9:14 AM
Why didn't the cookie handler method work?

EdwinN1337

06/29/2022, 9:26 AM
Safari blocks cookies from third parties, and our API is on a different domain ... I've been reading the guide on using localStorage instead of cookies, which points to that specific problem.

rp

06/29/2022, 9:26 AM
Yea. Can you make the API on the same domain, but have a different sub domain?
Or at least route it through an API that's on the same domain or different sub domain?
that would be the best solution for this issue
using localstorage can be done, but it's quite messy

EdwinN1337

06/29/2022, 9:29 AM
Capacitor apps are served on http://localhost and capacitor://localhost (ios/android) no option to change that 😦

rp

06/29/2022, 9:32 AM
So is the native app being an issue or the webapp part?

EdwinN1337

06/29/2022, 9:32 AM
native
webapps = fine, it's served on a subdomain

rp

06/29/2022, 9:33 AM
but in the native app, is it using a webview? Or something else?

EdwinN1337

06/29/2022, 9:33 AM
it's using webview

rp

06/29/2022, 9:33 AM
So the URL that is loaded in the webview is not the subdomain URL?
So as per my understanding, capacitor enables the JS you write to communicate with the native swift / obj-c code. So it should not be using webview at all, and so safari's "bug" should not matter at all
most likely i am wrong here.. cause i have never used capacitor, but just for my understanding

EdwinN1337

06/29/2022, 9:38 AM
What exactly is the cookieHandler doing? Parsing the cookie from the response, setting it to storage and using it in the fetch interceptor?

rp

06/29/2022, 9:39 AM
yes. Parsing of the raw set-cookie string, storing it somewhere, and then later on providing it back when needed (during request interception)

EdwinN1337

06/29/2022, 9:40 AM
right, got it
Okay, well I forgot to put sameSite: none 😉
will try sameSite: none + cookieHandler now on iOS device

rp

06/29/2022, 9:40 AM
right.. but safari has a bug that ignores it. Lol

EdwinN1337

06/29/2022, 9:40 AM
yeah, it's a huge problem from what i read on forums

rp

06/29/2022, 9:41 AM
yeaa.. they don't even wanna fix it.. not sure why

rp

06/29/2022, 9:42 AM
I think you can try it using the customCookie handler for iOS. maybe there it will work
and if not, then yea.. localstorage method

EdwinN1337

06/29/2022, 9:43 AM
then I have to build 2 APIs (one for the webapps and one for capacitor) and share the handlers

rp

06/29/2022, 9:44 AM
uhmm. Not necessarily. You could build your own middleware which checks if the request contains the headers passed from iOS, and then set them as cookies before calling our verifySession function. And then use this custom middleware in all your APIs instead of using our verifySession middleware

EdwinN1337

06/29/2022, 9:45 AM
will do that!
I'll update the example app to make it more clean and clear. It's slightly broken at the moment cause of version changes in our SDKs

EdwinN1337

06/29/2022, 9:49 AM
too bad 😦 401 on safari, rest 200

rp

06/29/2022, 9:49 AM
oh flip.
and the URL on which the app is loaded is capacitor://localhost?

EdwinN1337

06/29/2022, 9:50 AM
correct
hitting our https://shop-git-staging.lokalist.vercel.app/api/auth paths

rp

06/29/2022, 9:50 AM
hmm
Let me see about some easy solutions. Will get back

EdwinN1337

06/29/2022, 9:55 AM
Sure thanks!
😄

rp

06/29/2022, 10:02 AM
Is there any way to proxy the request through something like capacitor://localhost/api/* or something?
or maybe run a proxy server in the app itself which listens on that path

EdwinN1337

06/29/2022, 10:04 AM

rp

06/29/2022, 10:05 AM
right, but the scheme would still be capacitor:// right?

EdwinN1337

06/29/2022, 10:05 AM
right, also changing that will cause a set of different bugs 😭

rp

06/29/2022, 10:05 AM
yea.. probably

EdwinN1337

06/29/2022, 10:05 AM
proxy is not possible i guess? it's pure client side / js html css

rp

06/29/2022, 10:08 AM
well, let me clean up the with-localhost app real quick so you can use that as a reference

EdwinN1337

06/29/2022, 10:08 AM
super, thanks for the support

rp

06/29/2022, 10:08 AM
we intended to clean it up anyway in the coming 2-3 weeks.. but this is a motivation to do it now.. hehe

EdwinN1337

06/29/2022, 10:09 AM
you got a use case now 😄 glad

rp

06/29/2022, 10:09 AM
yeaa
i was hoping that this would never be required by anyone.. but well

EdwinN1337

06/29/2022, 10:09 AM
there is a native http plugin where cors restrictions don't apply https://ionicframework.com/docs/native/http/#installation
not sure if that would solve anything, will dive into it

Rob Schilder

06/29/2022, 10:32 AM
WOOOH
never been so happy to see a 200

rp

06/29/2022, 10:32 AM
oh awesome! hahah
how did you get it to work?

EdwinN1337

06/29/2022, 10:33 AM
ah, there is an option in capacitor to edit hostname so now it's capacitor://lokalist.nl instead of capacitor://localhost
```js
server: {
  hostname: `${DOMAIN}`,
},
```

rp

06/29/2022, 10:33 AM
right! did that cause any other issues though?
and also, you can go back to using sameSite lax

EdwinN1337

06/29/2022, 10:34 AM
problem is, we can't use web APIs that require secure context

rp

06/29/2022, 10:34 AM
yea. as the docs say

EdwinN1337

06/29/2022, 10:34 AM
yea right, but we don't use it 😛

rp

06/29/2022, 10:35 AM
well then! fair enough

EdwinN1337

06/29/2022, 10:36 AM
yeah, thanks anyways! let's move to prod finally (4 apps hehe) 👍

rp

06/29/2022, 10:37 AM
maybe you can consider making an example app that uses capacitor, and submit a PR.. clearly it's not very straightforward.

EdwinN1337

06/29/2022, 11:42 AM
I will do that!

rp

06/29/2022, 11:42 AM
thanks!
hey! I have cleaned up the example app and it works now: https://github.com/supertokens/supertokens-auth-react/tree/master/examples/with-localstorage In case you are interested.

EdwinN1337

06/29/2022, 4:45 PM
Super thanks! will check it
Haven't got the perfect solution yet... On iOS everything works perfect, but now Android stopped working since it doesn't support custom scheme on webview 😦

rp

06/29/2022, 4:48 PM
huh.. so android needs to load on http://?