@rp SuperTokens working with Ionic 6?

hey @vishalc

We are developing mobile app using ionic v6 and angular framework. Which documentation should we use for this? WEB(angular) or native(android and ios)?

for angular, do you want to use the pre built UI that we have or your own UI?

own UI

then pick one of the guides, and then follow the "use your own UI" section

ok

can i see the response headers of the API call? maybe @nkshah2 can help here

Yep, can we see the response headers of the login call?

Looks like the cookies are being sent, can I see the config you pass to supertokens when initialising it on the backend?

ionic : SuperTokens.init({ appInfo: { apiDomain: 'http://192.168.29.127:8080', apiBasePath: "/auth", appName: "Commercial", }, recipeList: [ Session.init(), EmailPassword.init(), ], }); Backend : supertokens.init({ appInfo: config.appInfo, supertokens: { connectionURI: "http://0.0.0.0:3567", apiKey: "", }, recipeList: [ EmailPassword.init(), UserRoles.init(), Session.init(), // initializes session features UserMetaData.init() ] }); appInfo: { appName: "Commercial Console", apiDomain: "http://0.0.0.0:8080", websiteDomain: "http://0.0.0.0" apiBasePath: "/auth", websiteBasePath: "/auth" },

The API domain on both frontend and backend should be the same, so you should use the IP for the api domain on the backend as well

ok

They are httponly cookies, you can see the response headers for them

how can i print tokens(headers) in console

What token are you trying to print?

sAccessToken and sIdRefreshToken

Those are received as httponly cookies and not as headers

how to send these tokens to backed for varification?

When you call APIs on your backend they will be received as cookies

i called http API but cokies not received on backend side

Did you change the api domain to be the IP on the backend?

yes

Can i see the response of the login API?

backend side logs?

Frontend network tab

ok then

I need to see the network tab for when you make the request

Thats the OPTIONS API, can you select the next one

Can you post the rest of response headers section too

I meant, in this window there will be more headers

Right so the cookies are being received, can you hover the warning symbol next to them and see what the error is

This attempt to set a cookie via a Set-Cookie header was blocked because it had the "SameSite=Lax" attribute but came from a cross-site response which was not the response to a top-level navigation.

Whats the web url you are loading in your app?

web url means http post url ?

No the url of your app

application installed in android mobile and don't understand which url?

On your backend can you send the code for where you configure CORS

app.enableCors({ origin: true, allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()], credentials: true, });

On your backend in the session recipe you can set same site to be none instead of lax, see if that helps

recipeList: [ EmailPassword.init(), UserRoles.init(), Session.init({ cookieSameSite: 'none' }), // initializes session features UserMetaData.init() ]

can you try using header based auth instead of cookie based?

A single PC (run app and backend) and the same network are working well, but a different PC (run app and backend) and the same network are not working.

hey @vishalc

Are you facing issues with the header based auth based on the example rp linked or are you still using cookie based auth?

I had tried both, but the same issue.

Can I see the full config on both the frontend and backend

When you say it wasnt working for different pc on the same network, were you seeing any errors?

I have a warning on the network tab in the response header (This attempt to set a cookie via a Set-Cookie header was blocked because it had the "SameSite=Lax" attribute but came from a cross-site response which was not the response to a top-level navigation.)

Right so you have commented out all the overrides for the session recipe (the configuration you have commented is the part that enabled header based auth)

After signing the warning is not coming but getting some data I have shows errors GET http://192.168.29.179:3001/projects 401 (Unauthorized) POST http://192.168.29.179:3001/auth/session/refresh 401 (Unauthorized)

Just to clarify, have you signed in with the code commented or uncommented?

uncommented

Might be easier to debug this on call

Are you comfirtable in Hindi?

Sure

I'll be able to explain better ni hindi

Yep im comfortable in Hindi

It is working fine. @nkshah2 @rp Thank you so much for helping me

Happy to help

nice! thanks