I followed this documentation https supertokens com do

Question

< rp> I followed this documentation https supertokens com docs emailpassword testing testing with postman 3 refreshing session tokens but it responses as unathorized Way produce this bug I log in i get tokens The access token expires in 10 seconds and after I try with refresh token it says unauthorized These are the headers that i am using ```Accept Accept Encoding gzip deflate Accept Language en US en q=0 9 Connection keep alive Content Length 0 fdi version 1 8 1 9 1 10 1 11 1 12 1 13 Host admin playbook test Origin http admin example test Referer http admin example test rid session User Agent Mozilla 5 0 X11 Linux x86 64 AppleWebKit 537 36 KHTML like Gecko Chrome 109 0 0 0 Safari 537 36``` Response ``` message unauthorised ```

rp · Answer

hey < porcx> it seems the refresh token is not being added Can you call the sign in API and show me the response and request headers as seen on chrome>

porcx · Answer

Request headers ```Accept application json text plain Accept Encoding gzip deflate Accept Language en US en q=0 9 Connection keep alive Content Length 98 Content Type application json Cookie sIdRefreshToken=11954b3d b7de 4e9c 8a46 fb26b81c25e3 sIRTFrontend=11954b3d b7de 4e9c 8a46 fb26b81c25e3 sFrontToken=eyJ1aWQiOiIzYWQ1MzQwYy1kNzNmLTQ1MGMtODRkZi1jNzk0NjlhZTU2YTEiLCJhdGUiOjE2NzUxNTIwMjM4MzgsInVwIjp7fX0= Host admin example test Origin http admin example test Referer http admin example test login rid anti csrf User Agent Mozilla 5 0 X11 Linux x86 64 AppleWebKit 537 36 KHTML like Gecko Chrome 109 0 0 0 Safari 537 36``` Response I have modified the response so in response I get user details ```status OK user user id 3ad5340c d73f 450c 84df c79469ae56a1 email admin test com ```

porcx · Answer

In cookies i can see these things set ``` sIRTFrontend sIdRefreshToken sFrontToken sAccessToken ```

rp · Answer

can you send me screenshot of response and request headers

porcx · Answer

Login request and response headers

porcx · Answer

These are log in req and response headers

rp · Answer

can i see all the response headers

porcx · Answer

Refresh req headers and response headers

porcx · Answer

< rp> That s the all response headers

rp · Answer

can i see all the sign in response headers You only sent part of the header screenshot

rp · Answer

and also whats the URL you are using to sign in

porcx · Answer

Did you mean this

rp · Answer

whats the apiBasePath on the frontend and backend

porcx · Answer

the apiBasePath is api auth for frontent and in the backend the api basepath is not set so it should take auth as dedault My api is reunning in admin playbook test api since i am using multitenant

rp · Answer

you need to set the same apiBasePath on frontend and backend

porcx · Answer

Okay i will give a try

porcx · Answer

Nope still the same issue The reason i have api auth base in front end because I have api running in the same domain For example if my app is running in app example test then my api is running in app example test api

porcx · Answer

If my basepath was wrong login should not have worked right but it s working fine

rp · Answer

does the backend strip away the ` api` part of the route when hitting the auth server

rp · Answer

in this case you should set the apiGatewayPath on the backend to ` api`

rp · Answer

so frontend apiBasePath is ` api auth` backend apiBasePath is ` auth` and backend apiGatewayPath is ` api` This should work

porcx · Answer

Yes thanks This worked Thanks a lot

rp · Answer

nice