Hi, I'm using the EmailPassword Recipe with hosted Supertokens, but on user sign in getting 401 errors from

<my_domain>/auth/session/refresh

. Is this endpoint used for EmailPassword recipe, and why would it be returning 401? From the docs it seems to only be within Session Recipe (https://app.swaggerhub.com/apis/supertokens/FDI/1.16.0#/Session%20Recipe/refresh)

hey @tom-glyphic can you enable backend debug logs and show me the output?

Here's the logs, which shows a successful

POST /auth/signin

request, it then tries to make

GET

to our own

/auth/organization/

and

/auth/user/

and the

POST /auth/session/refresh

which all fail with

401

So when you first visit the site, a 401 is expected from this API. But after you sign in, then it should all just work.

The effect is the UI is being redirected back to the sign in page, even after the

auth/signin

returned 200 (the sub pages are wrapped in

<SessionAuth />

from

supertokens-auth-react/recipe/session

)

Hmm. That’s odd. If the signin api is succeeding, then it should not cause a refresh failure.

We don't set

tokenTransferMethod

explicitly, but from the request headers looks like it's defaulting to

st-auth-mode: cookie

Hmm. Right. Can I see the sign in response headers? And also the cookie store after the api is called.