Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

[SOLVED] The way to get users session token

  • 1
  • Self Hosted
  • Accounts
  • Web
View on Discord
otik
5 Aug, 2023, 16:58

Hi, is there any way to get users session token from server by JWT?

TL;DR
The user is asking if there's a way to get a user's session token from the server using JWT. There is no solution provided in the thread.
Drake
5 Aug, 2023, 17:15

It sounds like you're asking for something like impersonation. That's not available yet. The user would have to pass something to the server.

Can you give some additional context on your use case?

otik
5 Aug, 2023, 17:17

yes user would give JWT token to server and server would get session token from appwrite

Drake
5 Aug, 2023, 17:18

The JWT token is already the session ...so server wouldn't have to get any other token 🧐

otik
5 Aug, 2023, 17:20

yes, but i would like to get session token because i want to store it into cookies on client-side.........for later access........... i am using sveltekit SSR and i can use only cookies for authentication

Drake
5 Aug, 2023, 17:27

The best thing to do might be to

  1. Set up Appwrite endpoint to be a sub domain of your app
  2. send the email and password to the server
  3. Manually log in server side
  4. Grab the cookie from the response header
  5. Set the cookie for your client side

This way the cookie will be in your server and client.

Here's an example of this setup: https://svelte-kit.ssr.almostapps.eu/

otik
5 Aug, 2023, 17:42

yes that is what i do. But this way i cant use OAuth2 authentication. And will not be there any problem with rate limit for creating session from server, i mean when all sessions will be created on server-side.

otik
5 Aug, 2023, 17:45

for example, now i cant log in because of rate limit (the error is on server-side)

Drake
5 Aug, 2023, 17:45

For oauth2, redirect back to your server at the path /auth/oauth2/success. There should be a secret in the URL that is the cookie value.

You should be fine on rate limit because the rate limit key includes the email

otik
5 Aug, 2023, 17:46

Wow, ok, thank you very much... going to try it

otik
5 Aug, 2023, 18:05

No here (/auth/oauth2/success) is no secret in URL. For OAuth2 i am using your client lib on client is it ok or i have to use rest api?

Drake
5 Aug, 2023, 18:06

What's your code? What's in the URL when you hit that page?

Yes, using our SDK should be fine

otik
5 Aug, 2023, 18:08

this is my code

otik
5 Aug, 2023, 18:09

I hope i understand but in url is only http://localhost:5222/oauth2/success nothing else

Drake
5 Aug, 2023, 18:09

You're missing auth

otik
5 Aug, 2023, 18:12

I am very sorry, i thought that it was only an example. Yes now i can see it. Thank youu soooo much.

otik
5 Aug, 2023, 18:16

Please is for email session something similar?

Drake
5 Aug, 2023, 18:18

No

joeyouss
8 Aug, 2023, 10:09

[SOLVED] The way to get users session token

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more