Skip to content
Start building
Back

(Role: applications) missing scope (account)

  • 0
  • Accounts
  • Web
  • Cloud
View on Discord
K_Vasen
23 Dec, 2023, 15:39

I am using node-appwrite on server side to getSession of the user which I explicitly stored in cookie.

TypeScript
try{
  await account.getSession(event.cookies.get("sessionId"));
}catch(error) {console.log(error)}

Framework being used is Sveltekit

TL;DR
User is experiencing an error when trying to authenticate a user on the server-side using SSR (Server-Side Rendering). They are advised not to use SSR if possible, but if they still want to, they need to proxy the authentication through the back end, manually authenticate, and manage the session cookie themselves. A demo is provided for reference. The user asks if they can set the userID as a cookie. The user wants to authenticate the user on SSR to improve user experience. They mention that loading user basic info takes a while when done on the client-side. They ask if there is any other way to get the session of the user on
D5
23 Dec, 2023, 21:39

Do you have set in the API key the corresponding scopes?

K_Vasen
24 Dec, 2023, 05:54

Yes I have given auth scope for the given api key in the console. I could fetch documents but not accounta

ideclon
24 Dec, 2023, 06:52

What’s the error you’re getting?

K_Vasen
24 Dec, 2023, 11:03

code: 401, type: 'general_unauthorized_scope', response: { message: 'app.<PROJECT_ID>@service.cloud.appwrite.io (role: applications) missing scope (account)', code: 401, type: 'general_unauthorized_scope', version: '0.12.17' } }

This is the response I got

D5
24 Dec, 2023, 12:08

Are you sure project ID is correct?

K_Vasen
24 Dec, 2023, 15:56

Yes I am sure that project ID is correct. Since I am able to fetch documents using that client on server side.

ideclon
24 Dec, 2023, 17:47

I’ve never seen this error. Hopefully someone from Core can jump in?

K_Vasen
25 Dec, 2023, 07:20

Is there any other way to get the session of user on server side. Consider session Id is being stored on cookie.!!!

D5
25 Dec, 2023, 10:19

With JWT

ideclon
25 Dec, 2023, 17:38

Just to check - what exactly is it that you’re trying to get?

K_Vasen
25 Dec, 2023, 18:56

But JWT has a tradeoff of getting expired after 15 min of creation. How can I create JWT upon expiration on client side??

D5
25 Dec, 2023, 19:43

You will need to create a net JWT once it expires. That's the issue

ideclon
26 Dec, 2023, 02:50

Why exactly is it that you’re trying to do?

K_Vasen
26 Dec, 2023, 16:17

I need to authenticate user on ssr. For better user experience.. when it is done on client side. It is taking a while to load user baisc info such as id,email,name

ideclon
26 Dec, 2023, 16:20

You said you’re setting the sessionID as a cookie. Could you do the same for the userID?

Drake
27 Dec, 2023, 02:15

You can't use get session to authenticate.

I highly suggest not using SSR if possible because it's complicated.

If you really want to, you'll need to proxy the authentication through your back end and manually authenticate so you can extract the session cookie. Then, you'll need to manage the cookie yourself.

Here's a demo: https://next-js.ssr.almostapps.eu/.

That said, we do have plans to improve SSR support in the near future.

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more