[SOLVED] AppwriteException: general_unauthorized_scope,(role: applications) missing scope(public)

hi 🙂 I'm getting this message when trying to use the flutter SDK to create an email session. any help?? Here's a code snippet :

TypeScript

     _client
      .setEndpoint(dotenv.get(ENV.ENDPOINT))
      .setProject(dotenv.get(ENV.PROJECT_ID))
      .addHeader('X-Appwrite-Key',  dotenv.get(ENV.API_KEY))
      .setSelfSigned(status: true),

Future<Session> createEmailSession({ required String email, required String password, }) async { final Account account = Account(_client);

TypeScript

try {
  final Session response =
      await account.createEmailSession(email: email, password: password);

  print(response.toMap().toString());

  return response;
} catch (e) {
  print(e.toString());
  rethrow;
}

}

TL;DR

The user encountered an AppwriteException: general_unauthorized_scope,(role: applications) missing scope(public) when trying to use the flutter SDK to create an email session. They were advised not to use the dart SDK or an API key in their flutter app for security reasons. The issue was solved by removing the line of code that defined the client with the x-api header. Other suggested solutions included using the dart_appwrite package for server API calls or using http or Dio to construct regular REST API calls without the appwrite SDK. The user confirmed that their API key was not empty. It was suggested to make sure that the API key has

@kareem zaher check if your api key has auth as a scope activated

double checked, it's there thanks

Make sure that ENV.API_KEY isn't empty. Maybe try printing the value.

Would also have been my next suggestion

it's there too 👍

[solved] defining the client with x-api header is not required _client .setEndpoint(dotenv.get(ENV.ENDPOINT)) .setProject(dotenv.get(ENV.PROJECT_ID)) //.addHeader('X-Appwrite-Key', //dotenv.get(ENV.API_KEY)) .setSelfSigned(status: true),

if you want to make server api calls you can just use the dart_appwrite and it's not the most elegant way, as it gives import conflicts with the flutter appwrite package, yet it works if you can manage import spaggiti.

another solution, which i think is better, is to use http or Dio to construct your server api calls as regular rest api calls without using the appwrite sdk at all.

thank you for your help, i hope u got any useful info from this thread. 🙂

[SOLVED] AppwriteException: general_unauthorized_scope,(role: applications) missing scope(public)

You should not be using the dart sdk or an API key in your flutter app. It is not safe and exposes your API key to anyone with the app

@Steven Thank you for the tip. yet, this is an admin app only to be used by system admins. so i think it's ok, given that the source code including the api key is safe. Still, you can advice me on a better approach, i'm in need of one really. again thanks 🙂

i would create a team for admins and then grant the team access to whatever they need.

@Steven still you would want to use the Server_SDK for admins to be able to control the app, right ?? 🙂

i would build the app such that an admin is just another user in the app, but because they're in the "admin team" or whatever, they have more permissiosn than others

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support