<@498057949541826571> I followed this documentatio...
# support-questions-legacy
p
@rp_st I followed this documentation https://supertokens.com/docs/emailpassword/testing/testing-with-postman#3-refreshing-session-tokens but it responds as unauthorized. Way to reproduce this bug: I log in, I get tokens. The access token expires in 10 seconds, and after that, when I try with the refresh token, it says unauthorized. These are the headers that I am using:
```
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Length: 0
fdi-version: 1.8,1.9,1.10,1.11,1.12,1.13
Host: admin.playbook.test
Origin: http://admin.example.test
Referer: http://admin.example.test
rid: session
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
```
Response
```
{
  "message": "unauthorised"
}
```
r
Hey @porcx, it seems the refresh token is not being added. Can you call the sign in API and show me the response and request headers as seen on Chrome?
p
Request headers
```
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Length: 98
Content-Type: application/json
Cookie: sIdRefreshToken=11954b3d-b7de-4e9c-8a46-fb26b81c25e3; sIRTFrontend=11954b3d-b7de-4e9c-8a46-fb26b81c25e3; sFrontToken=eyJ1aWQiOiIzYWQ1MzQwYy1kNzNmLTQ1MGMtODRkZi1jNzk0NjlhZTU2YTEiLCJhdGUiOjE2NzUxNTIwMjM4MzgsInVwIjp7fX0=
Host: admin.example.test
Origin: http://admin.example.test
Referer: http://admin.example.test/login
rid: anti-csrf
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
```
Response: I have modified the response so in response I get user details
```
status: "OK"
user: {user_id: "3ad5340c-d73f-450c-84df-c79469ae56a1", email: "admin@test.com",…}
```
In cookies I can see these things set:
```
sIRTFrontend
sIdRefreshToken
sFrontToken
sAccessToken
```
r
Can you send me a screenshot of the response and request headers?
p
Login request and response headers
These are the login request and response headers
r
Can I see all the response headers?
p
Refresh req headers and response headers
@rp_st That's all the response headers
r
Can I see all the sign in response headers? You only sent part of the header screenshot
And also, what's the URL you are using to sign in?
p
Did you mean this
r
What's the apiBasePath on the frontend and backend?
p
The apiBasePath is /api/auth for the frontend, and in the backend the API base path is not set, so it should take /auth as default. My API is running in admin.playbook.test/api since I am using multitenant
r
You need to set the same apiBasePath on frontend and backend
p
Okay, I will give it a try
Nope, still the same issue. The reason I have the /api/auth base path in the frontend is because I have the API running in the same domain. For example, if my app is running in app.example.test then my API is running in app.example.test/api.
If my base path was wrong, login should not have worked, right? But it's working fine
r
Does the backend strip away the `/api` part of the route when hitting the auth server?
In this case, you should set the apiGatewayPath on the backend to `/api`, so frontend apiBasePath is `/api/auth`, backend apiBasePath is `/auth` and backend apiGatewayPath is `/api`. This should work
p
Yes thanks. This worked. Thanks a lot. 🙂
r
nice