Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

[Appwrite SSR Authentication] New authentication flow

  • 0
  • Web
  • Cloud
View on Discord
Francisco "Klogan" Barros
2 Mar, 2024, 21:11

First of all, congratulations on your endeavours to make Appwrite integration with SSR frameworks easier... The new flows highlighted in https://appwrite.io/docs/products/auth/server-side-rendering make alot of sense in my perspective.

However, I think being able to do direct requests from the users' browsers directly to Appwrite servers still make sense. For example, using Appwrite Client SDK for reads and using Appwrite Server SDK for write operations for example.

What would be the recommended way, to authenticate on the server and preserve a cookie that's valid with Appwrite and another that is valid with our own Server?

Previously, I was doing something like this:

TypeScript
export function setSessionFromHttpResponse(
  response: FetchResponse<unknown>,
  event: H3Event<EventHandlerRequest>
) {
  const { appwriteHostname, ssrHostname } = useAppwriteConfig()

  const cookiesString = (response.headers.get('set-cookie') ?? '')
    .split(appwriteHostname)
    .join(ssrHostname)

  const cookiesArray: string[] = setCookieParser.splitCookiesString(cookiesString)
  const cookiesParsed = cookiesArray.map((c) => setCookieParser.parseString(c))

  cookiesParsed.forEach((cookie) => {
    setCookie(event, cookie.name, cookie.value, {
      domain: cookie.domain,
      expires: cookie.expires,
      httpOnly: cookie.httpOnly,
      maxAge: cookie.maxAge,
      path: cookie.path,
      secure: cookie.secure,
      sameSite: 'strict',
    })
  })
}

Would this still be the only way for something like this to work?

TL;DR
Developers are discussing implementing a new authentication flow with Appwrite for SSR frameworks. The recommended way to authenticate on the server and preserve cookies valid with both Appwrite and their own server is by using a function like `setSessionFromHttpResponse`. This function takes the response and sets cookies accordingly.
Steven
2 Mar, 2024, 21:22

Maybe you can take the new secret and then set a cookie so that it gets sent to Appwrite from the client

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more