Unable to create an account using the session object in SSR component

  • 0
  • Self Hosted
  • Web
m0hsin_
9 Apr, 2024, 18:56

I have the following server action that I am calling in order to log in:

TypeScript
export async function loginUser(prevState, formData) {

    try {
        const account = await createAdminClient();
        const session = await account.createEmailPasswordSession(formData.get("email"), formData.get("password"));

        cookies().set('session', session.secret, {
            httpOnly: true,
            secure: false,
            sameSite: "strict",
            expires: new Date(session.expire), // expires takes a Date; maxAge expects a number of seconds
            path: "/"
        });

    } catch(error) {
        return {
            message: error.message
        }
    }

    revalidatePath('/auth/login');

    redirect('/dashboard');
}

I also have the following function that I need to implement to log out; however, I need to first get the account to delete the session. I am using next/headers to grab cookies, and then retrieve the session object from there. That part works as expected. However, when I try to call acc.get() I get general_unauthorized_scope as the error. Could someone take a look and tell me what I could be doing wrong?

TypeScript
export async function logoutUser(prevState, formData) {

    try {
        const session = cookies().get("session");
        if (session) {
            const acc = await getAccountFromSession(session);
            acc.get().then(function (response) {
                console.log(response)
            })
        }

    } catch(error) {
        console.log(error)
        return {
            message: error.message
        }
    }
}

getAccountFromSession(session) btw

TypeScript
const getAccountFromSession = async (session) => {
    const client =  new Client()
    .setEndpoint(process.env.REACT_APP_APPWRITE_BASE_URL)
    .setProject(process.env.REACT_APP_APPWRITE_PROJECT_KEY)
    .setSelfSigned(true) // TODO - Set this to false once deployed with an actual ssl certificate

    if (session) {
        client.setSession(session.secret)
    }

    return new Account(client);
}

TL;DR

Issue: Unable to retrieve session object in SSR component when attempting to logout due to 'general_unauthorized_scope' error.

Solution: Make sure to properly set the session when calling `getAccountFromSession(session)` so that it includes the secret and the session object can be retrieved successfully.

Note: Check that the permissions and scopes are properly set up for accessing the session object during logout.
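
The following is an added example, not code from the original post or from Appwrite. `cookies().get("session")` from next/headers returns `{ name, value }`, and the login action stored `session.secret` as the cookie value, so `session.secret` is undefined in `logoutUser` and the client stays unauthenticated. The names `CookieStore`, `AccountLike`, `sessionSecretFromCookie`, `logoutWithCookie` and `makeAccount` are hypothetical, and the SDK and cookie store are passed in so the block runs offline.

```typescript
// Added example. next/headers and node-appwrite are not imported here;
// CookieStore and AccountLike mirror only the members this flow uses.
type Cookie = { name: string; value: string };
type CookieStore = { get(name: string): Cookie | undefined; delete(name: string): void };
type AccountLike = { deleteSession(sessionId: string): Promise<unknown> };

// The cookie object is { name, value }. The login action wrote session.secret
// into the cookie value, so the secret is `.value`; `.secret` does not exist.
function sessionSecretFromCookie(cookie: Cookie | undefined): string | null {
    if (!cookie || typeof cookie.value !== "string" || cookie.value.length === 0) {
        return null;
    }
    return cookie.value;
}

// makeAccount is a hypothetical factory: in the app it would return
// new Account(new Client().setEndpoint(...).setProject(...).setSession(secret)).
async function logoutWithCookie(
    store: CookieStore,
    makeAccount: (secret: string) => AccountLike
): Promise<{ message: string } | null> {
    const secret = sessionSecretFromCookie(store.get("session"));
    if (secret === null) {
        // Fail closed: a client without a session secret only has guest scope.
        return { message: "No active session" };
    }
    try {
        await makeAccount(secret).deleteSession("current");
    } catch (error) {
        return { message: error instanceof Error ? error.message : String(error) };
    } finally {
        store.delete("session"); // clear the browser cookie in every case
    }
    return null;
}
```

In the server action, `store` would be `cookies()` and the returned object can be passed back as the form state, as in `loginUser`.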