Skip to content
Start building
Back

[SOLVED] AppwriteException: general_unauthorized_scope,(role: applications) missing scope(public)

  • 0
  • Self Hosted
  • Flutter
  • Web
  • Users
View on Discord
kareem zaher
24 Sep, 2023, 06:47

hi 🙂 I'm getting this message when trying to use the flutter SDK to create an email session. any help?? Here's a code snippet :

TypeScript
     _client
      .setEndpoint(dotenv.get(ENV.ENDPOINT))
      .setProject(dotenv.get(ENV.PROJECT_ID))
      .addHeader('X-Appwrite-Key',  dotenv.get(ENV.API_KEY))
      .setSelfSigned(status: true),

Future<Session> createEmailSession({ required String email, required String password, }) async { final Account account = Account(_client);

TypeScript
try {
  final Session response =
      await account.createEmailSession(email: email, password: password);

  print(response.toMap().toString());

  return response;
} catch (e) {
  print(e.toString());
  rethrow;
}

}

TL;DR
The user encountered an AppwriteException: general_unauthorized_scope,(role: applications) missing scope(public) when trying to use the flutter SDK to create an email session. They were advised not to use the dart SDK or an API key in their flutter app for security reasons. The issue was solved by removing the line of code that defined the client with the x-api header. Other suggested solutions included using the dart_appwrite package for server API calls or using http or Dio to construct regular REST API calls without the appwrite SDK. The user confirmed that their API key was not empty. It was suggested to make sure that the API key has
Tomic R.
24 Sep, 2023, 07:06

@kareem zaher check if your api key has auth as a scope activated

kareem zaher
24 Sep, 2023, 15:46

double checked, it's there thanks

darShan
24 Sep, 2023, 15:52

Make sure that ENV.API_KEY isn't empty. Maybe try printing the value.

Tomic R.
24 Sep, 2023, 15:54

Would also have been my next suggestion

kareem zaher
24 Sep, 2023, 15:57

it's there too 👍

kareem zaher
24 Sep, 2023, 20:33

[solved] defining the client with x-api header is not required _client .setEndpoint(dotenv.get(ENV.ENDPOINT)) .setProject(dotenv.get(ENV.PROJECT_ID)) //.addHeader('X-Appwrite-Key', //dotenv.get(ENV.API_KEY)) .setSelfSigned(status: true),

if you want to make server api calls you can just use the dart_appwrite and it's not the most elegant way, as it gives import conflicts with the flutter appwrite package, yet it works if you can manage import spaggiti.

another solution, which i think is better, is to use http or Dio to construct your server api calls as regular rest api calls without using the appwrite sdk at all.

thank you for your help, i hope u got any useful info from this thread. 🙂

kareem zaher
24 Sep, 2023, 20:34

[SOLVED] AppwriteException: general_unauthorized_scope,(role: applications) missing scope(public)

Drake
25 Sep, 2023, 05:21

You should not be using the dart sdk or an API key in your flutter app. It is not safe and exposes your API key to anyone with the app

kareem zaher
25 Sep, 2023, 14:40

@Steven Thank you for the tip. yet, this is an admin app only to be used by system admins. so i think it's ok, given that the source code including the api key is safe. Still, you can advice me on a better approach, i'm in need of one really. again thanks 🙂

Drake
25 Sep, 2023, 21:47

i would create a team for admins and then grant the team access to whatever they need.

kareem zaher
28 Sep, 2023, 22:44

@Steven still you would want to use the Server_SDK for admins to be able to control the app, right ?? 🙂

Drake
28 Sep, 2023, 22:48

i would build the app such that an admin is just another user in the app, but because they're in the "admin team" or whatever, they have more permissiosn than others

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more