Back

Get cookies SSR with Oauth

  • 2
  • Accounts
  • Web
Brave
25 Feb, 2023, 16:31

I made a client side oauth session but I need to get the cookies on redirect on server side. How do I do this?

TL;DR
The user is trying to implement oauth in their app and wants to get the cookies on the server side after a redirect. They have an Appwrite endpoint that is a subdomain of their app and are using SvelteKit for their app. They are asking how to get the setCookies from oauth and how to grab the cookie in the server-side hook after oauth redirects to their /auth/finish route. The user shares a request and cookies they receive, but the cookies are always null. The support suggests checking if the Appwrite endpoint is a subdomain of the app, if there is a reverse proxy in front of Appwrite, and
Drake
25 Feb, 2023, 16:33

Oye...this is kind of complicated....

The session is stored in a secure cookie, so the cookie needs to pass to your server side code. Then, you need to pull the value out and inject it into requests made to Appwrite.

Are you using nextjs version 13?

Brave
25 Feb, 2023, 16:35

No sveltekit. I have to whole thing setup with normal email auth

Brave
25 Feb, 2023, 16:35
Brave
25 Feb, 2023, 16:35

But want to switch to oauth

Drake
25 Feb, 2023, 16:41

1st, your Appwrite endpoint needs to be a subdomain of your app (this is where custom domains comes into play). This will make it so your app can access the Appwrite cookie.

For how to inject the cookie into server side sveltekit code refer to this: https://dev.to/meldiron/appwrite-hand-in-hand-with-svelte-kit-ssr-5097#ssr

Drake
25 Feb, 2023, 16:44

The AppwriteService.setSSR() function is further up in the article

Brave
25 Feb, 2023, 17:25

I dont get this. CreateEmailSession returns a setCookies, CreateMagicURLSession returns a setCookies but oauth doesnt? How can I get the setcookies from oauth?

Drake
25 Feb, 2023, 17:39

Oauth will set a cookie too

Brave
25 Feb, 2023, 17:42

But how can I get those if oauth redirects to my /auth/finish route?

Drake
25 Feb, 2023, 17:45

Browser will automatically set it. So after oauth that server side hook should be able to grab the cookie

Brave
25 Feb, 2023, 17:49
TypeScript
  [Symbol(realm)]: { settingsObject: { baseUrl: undefined } },
  [Symbol(state)]: {
    method: 'GET',
    localURLsOnly: false,
    unsafeRequest: false,
    body: null,
    client: { baseUrl: undefined },
    reservedClient: null,
    replacesClientId: '',
    window: 'client',
    keepalive: false,
    serviceWorkers: 'all',
    initiator: '',
    destination: '',
    priority: null,
    origin: 'client',
    policyContainer: 'client',
    referrer: 'client',
    referrerPolicy: '',
    mode: 'cors',
    useCORSPreflightFlag: false,
    credentials: 'same-origin',
    useCredentials: false,
    cache: 'default',
    redirect: 'follow',
    integrity: '',
    cryptoGraphicsNonceMetadata: '',
    parserMetadata: '',
    reloadNavigation: false,
    historyNavigation: false,
    userActivation: false,
    taintedOrigin: false,
    redirectCount: 0,
    responseTainting: 'basic',
    preventNoCacheCacheControlHeaderModification: false,
    done: false,
    timingAllowFailed: false,
    headersList: HeadersList {
      cookies: null,
      [Symbol(headers map)]: [Map],
      [Symbol(headers map sorted)]: null
    },
    urlList: [ [URL] ],
    url: URL {
      href: 'http://cloudflared.domain.nl/auth/finish',
      origin: 'http://cloudflared.domain.nl',
      protocol: 'http:',
      username: '',
      password: '',
      host: 'cloudflared.domain.nl',
      hostname: 'cloudflared.domain.nl',
      port: '',
      pathname: '/auth/finish',
      search: '',
      searchParams: URLSearchParams {},
      hash: ''
    }
  },
  [Symbol(signal)]: AbortSignal { aborted: false },
  [Symbol(headers)]: HeadersList {
    cookies: null,
    [Symbol(headers map)]: Map(25) {
      'host' => [Object],
      'user-agent' => [Object],
      'accept' => [Object],
      'accept-encoding' => [Object],
      'accept-language' => [Object],
      'cdn-loop' => [Object],
      'cf-connecting-ip' => [Object],
      'cf-ew-via' => [Object],
      'cf-ipcountry' => [Object],
      'cf-ray' => [Object],
      'cf-visitor' => [Object],
      'cf-warp-tag-id' => [Object],
      'connection' => [Object],
      'priority' => [Object],
      'referer' => [Object],
      'sec-ch-ua' => [Object],
      'sec-ch-ua-mobile' => [Object],
      'sec-ch-ua-platform' => [Object],
      'sec-fetch-dest' => [Object],
      'sec-fetch-mode' => [Object],
      'sec-fetch-site' => [Object],
      'sec-fetch-user' => [Object],
      'upgrade-insecure-requests' => [Object],
      'x-forwarded-for' => [Object],
      'x-forwarded-proto' => [Object]
    },
    [Symbol(headers map sorted)]: null
  }
}



cookies
{
  get: [Function: get],
  set: [Function: set],
  delete: [Function: delete],
  serialize: [Function: serialize]
}```
Brave
25 Feb, 2023, 17:49

This is the request and cookies I get back.

Brave
25 Feb, 2023, 17:50

Cookies are always null

Drake
25 Feb, 2023, 18:34

Is your Appwrite endpoint a subdomain of your app?

Brave
25 Feb, 2023, 18:34

Yes

Drake
25 Feb, 2023, 18:35

Do you have any other reverse proxy in front of Appwrite?

Brave
25 Feb, 2023, 18:36

nginx / cloudflare

Drake
25 Feb, 2023, 18:36

Is nginx forwarding to your Appwrite using https?

Brave
25 Feb, 2023, 18:37

Yes

Drake
25 Feb, 2023, 18:37

And this request looks like the end of your oauth flow?

Drake
25 Feb, 2023, 18:38

Actually it shouldn't matter

Drake
25 Feb, 2023, 18:38

Can you check the network logs in your browser to see if the cookie is being sent to API calls to Appwrite as well as your server?

Brave
25 Feb, 2023, 18:40

I have a getSession function on my oauth redirect site. (/auth/finish) and I successfully get a session back. Or what do you mean?

Brave
25 Feb, 2023, 18:41

So the session creation worked but I got no cookies set.

Reply

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more