Get cookies SSR with Oauth

I made a client side oauth session but I need to get the cookies on redirect on server side. How do I do this?

TL;DR

The user is trying to implement oauth in their app and wants to get the cookies on the server side after a redirect. They have an Appwrite endpoint that is a subdomain of their app and are using SvelteKit for their app. They are asking how to get the setCookies from oauth and how to grab the cookie in the server-side hook after oauth redirects to their /auth/finish route. The user shares a request and cookies they receive, but the cookies are always null. The support suggests checking if the Appwrite endpoint is a subdomain of the app, if there is a reverse proxy in front of Appwrite, and

Oye...this is kind of complicated....

The session is stored in a secure cookie, so the cookie needs to pass to your server side code. Then, you need to pull the value out and inject it into requests made to Appwrite.

Are you using nextjs version 13?

No sveltekit. I have to whole thing setup with normal email auth

But want to switch to oauth

1st, your Appwrite endpoint needs to be a subdomain of your app (this is where custom domains comes into play). This will make it so your app can access the Appwrite cookie.

For how to inject the cookie into server side sveltekit code refer to this: https://dev.to/meldiron/appwrite-hand-in-hand-with-svelte-kit-ssr-5097#ssr

The AppwriteService.setSSR() function is further up in the article

I dont get this. CreateEmailSession returns a setCookies, CreateMagicURLSession returns a setCookies but oauth doesnt? How can I get the setcookies from oauth?

Oauth will set a cookie too

But how can I get those if oauth redirects to my /auth/finish route?

Browser will automatically set it. So after oauth that server side hook should be able to grab the cookie

TypeScript

  [Symbol(realm)]: { settingsObject: { baseUrl: undefined } },
  [Symbol(state)]: {
    method: 'GET',
    localURLsOnly: false,
    unsafeRequest: false,
    body: null,
    client: { baseUrl: undefined },
    reservedClient: null,
    replacesClientId: '',
    window: 'client',
    keepalive: false,
    serviceWorkers: 'all',
    initiator: '',
    destination: '',
    priority: null,
    origin: 'client',
    policyContainer: 'client',
    referrer: 'client',
    referrerPolicy: '',
    mode: 'cors',
    useCORSPreflightFlag: false,
    credentials: 'same-origin',
    useCredentials: false,
    cache: 'default',
    redirect: 'follow',
    integrity: '',
    cryptoGraphicsNonceMetadata: '',
    parserMetadata: '',
    reloadNavigation: false,
    historyNavigation: false,
    userActivation: false,
    taintedOrigin: false,
    redirectCount: 0,
    responseTainting: 'basic',
    preventNoCacheCacheControlHeaderModification: false,
    done: false,
    timingAllowFailed: false,
    headersList: HeadersList {
      cookies: null,
      [Symbol(headers map)]: [Map],
      [Symbol(headers map sorted)]: null
    },
    urlList: [ [URL] ],
    url: URL {
      href: 'http://cloudflared.domain.nl/auth/finish',
      origin: 'http://cloudflared.domain.nl',
      protocol: 'http:',
      username: '',
      password: '',
      host: 'cloudflared.domain.nl',
      hostname: 'cloudflared.domain.nl',
      port: '',
      pathname: '/auth/finish',
      search: '',
      searchParams: URLSearchParams {},
      hash: ''
    }
  },
  [Symbol(signal)]: AbortSignal { aborted: false },
  [Symbol(headers)]: HeadersList {
    cookies: null,
    [Symbol(headers map)]: Map(25) {
      'host' => [Object],
      'user-agent' => [Object],
      'accept' => [Object],
      'accept-encoding' => [Object],
      'accept-language' => [Object],
      'cdn-loop' => [Object],
      'cf-connecting-ip' => [Object],
      'cf-ew-via' => [Object],
      'cf-ipcountry' => [Object],
      'cf-ray' => [Object],
      'cf-visitor' => [Object],
      'cf-warp-tag-id' => [Object],
      'connection' => [Object],
      'priority' => [Object],
      'referer' => [Object],
      'sec-ch-ua' => [Object],
      'sec-ch-ua-mobile' => [Object],
      'sec-ch-ua-platform' => [Object],
      'sec-fetch-dest' => [Object],
      'sec-fetch-mode' => [Object],
      'sec-fetch-site' => [Object],
      'sec-fetch-user' => [Object],
      'upgrade-insecure-requests' => [Object],
      'x-forwarded-for' => [Object],
      'x-forwarded-proto' => [Object]
    },
    [Symbol(headers map sorted)]: null
  }
}



cookies
{
  get: [Function: get],
  set: [Function: set],
  delete: [Function: delete],
  serialize: [Function: serialize]
}```

This is the request and cookies I get back.

Cookies are always null

Is your Appwrite endpoint a subdomain of your app?

Yes

Do you have any other reverse proxy in front of Appwrite?

nginx / cloudflare

Is nginx forwarding to your Appwrite using https?

Yes

And this request looks like the end of your oauth flow?

Actually it shouldn't matter

Can you check the network logs in your browser to see if the cookie is being sent to API calls to Appwrite as well as your server?

I have a getSession function on my oauth redirect site. (/auth/finish) and I successfully get a session back. Or what do you mean?

So the session creation worked but I got no cookies set.

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support