What could be the culprit

Question

wdjzr · Answer

Everything else works like signin protected api routes etc

rp · Answer

Hmmm

rp · Answer

Can you enable debug logging on the backend and show the logs for the refresh API

wdjzr · Answer

I delete the access token cookie and try an api route after I get a 401 my refresh token and other cookies get deleted

wdjzr · Answer

Sure let me do that

wdjzr · Answer

This is the relevant part

rp · Answer

right So it s possible that nginx is not forwarding the refresh token cookie to the server

wdjzr · Answer

The client gets the refresh token for sure I am not sure if it gets back to server

wdjzr · Answer

But after the 401 all of my cookies get deleted

rp · Answer

can i see the request headers being sent from the browser

rp · Answer

when the refresh API call is made

wdjzr · Answer

Mm yea

rp · Answer

hmm the refresh token is missing

wdjzr · Answer

sIdrefresh is there but the token is not

wdjzr · Answer

Weird

rp · Answer

can you logout login and try again

rp · Answer

maybe you manually deleted the refresh token as well by mistake

wdjzr · Answer

Same outcome

rp · Answer

can i see the response headers in the login API

wdjzr · Answer

I just deleted the access token

wdjzr · Answer

Sure

rp · Answer

so the refresh token is being sent

rp · Answer

i mean the client is getting it

wdjzr · Answer

Yes its there

rp · Answer

the path that it will be sent to is ` api auth session refresh`

rp · Answer

does that match the refresh API path When that API is being called

wdjzr · Answer

Yes

wdjzr · Answer

Well actually to backend api auth session refresh

wdjzr · Answer

But that backend part is the nginx proxy

rp · Answer

right so that s the issue

wdjzr · Answer

The login signout also goes thru that

rp · Answer

whats the apiBasePath that you have set on the frontend

wdjzr · Answer

backend api auth

rp · Answer

and on the backend

wdjzr · Answer

base path is api auth and api domain is `APIDomain https localhost backend `

wdjzr · Answer

Ahhh

wdjzr · Answer

Let me try localhost as the domain and backend api as the path

wdjzr · Answer

Now I just get 404s login stopped working too

wdjzr · Answer

I will try frontend domain with localhost backend

wdjzr · Answer

I guess that may work

rp · Answer

actually the apiBasePath should be api auth but add another config called apiGatewayPath which should be ` backend`

wdjzr · Answer

For frontend or backend

rp · Answer

backend

wdjzr · Answer

This is also kinda weird let me show you this

wdjzr · Answer

Now I set apiDomain https localhost backend on frontend and the basePath is api auth

wdjzr · Answer

But the sdk is making requests to localhost api instead

wdjzr · Answer

It makes sense if it only accepts domains without paths

wdjzr · Answer

Trying this now

wdjzr · Answer

It worked

rp · Answer

ok great

wdjzr · Answer

Sorry for bruteforcing the solution

wdjzr · Answer

Did not see the apigateway in the guides but I shouldve just checked the struct in the SDK

wdjzr · Answer

Thanks a lot

rp · Answer

https supertokens com docs thirdpartyemailpassword appinfo apigatewaypath optional