SSR OAuth in Next.js not working properly

Misho
8 Jul, 2024, 23:14

Hi,

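```typescript
import { cookies } from "next/headers";
import { NextRequest, NextResponse } from "next/server";
// createAdminClient is the poster's own helper; its import is not shown in the post.

export async function GET(request: NextRequest) {
  // Read the userId and secret query parameters from the callback URL.
  const userId = request.nextUrl.searchParams.get("userId");
  const secret = request.nextUrl.searchParams.get("secret");

  if (!userId || !secret) {
    return NextResponse.json({ error: "Invalid request" }, { status: 400 });
  }

  // Exchange userId and secret for a session using the admin client.
  const { account } = await createAdminClient();
  const session = await account.createSession(userId, secret);

  // Store the session secret in an HTTP-only, Secure, SameSite=Strict cookie.
  cookies().set("my-custom-session", session.secret, {
    path: "/",
    httpOnly: true,
    sameSite: "strict",
    secure: true,
  });

  return NextResponse.redirect(`${request.nextUrl.origin}/`);
}
```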

This code redirects the user to the home page, but when redirected, at the same time I am calling

```typescript
export async function getLoggedInUser() {
  try {
    // Builds a client from the session cookie; throws if the cookie is missing.
    const { account } = await createSessionClient();
    return await account.get();
  } catch (error) {
    console.log(error);
    return null;
  }
}
```
this function, and it returns null. After a refresh it still returns null. But when I enter the URL in the browser and log in again, it works.

TL;DR
- Developers having issues with SSR OAuth in Next.js
- Solution: Set cookie after redirect in `createSessionClient()` function
- Refreshing page after login not working in strict mode
- Changing to lax mode worked
- Not sure if changing to lax is recommended for security reasons
- Docs may need updating

Misho
8 Jul, 2024, 23:14

user is updated

Misho
8 Jul, 2024, 23:15

I don't understand, I followed the docs and it's not working.

Misho
8 Jul, 2024, 23:19
```typescript
  cookies().set("my-custom-session", session.secret, {
    path: "/",
    httpOnly: true,
    sameSite: isProduction ? "none" : "lax",
    secure: isProduction,
  });
```

Would that be a good option?

შონია
10 Jul, 2024, 09:54

@Moderator please, any idea, we are stuck. It is working but we have no idea if it is the most secure implementation

Misho
10 Jul, 2024, 09:55

I meant that in Next.js, strict is not working: when redirected and the cookie was added, the browser is still in the old state and is not consistent with the new cookie that was successfully added. That's why I changed strict to lax, and it was actually working. I did not have time and have not searched about those attributes; I copied everything from the docs. Maybe the docs need an update.

Misho
10 Jul, 2024, 09:56

In the docs 'strict' was written, dunno if you tested this before you wrote that in the docs.

Ryan
10 Jul, 2024, 09:56

Does it work if you refresh the page after logging in?

Misho
10 Jul, 2024, 09:56

nope

Misho
10 Jul, 2024, 09:57

in 'strict' mode

Misho
10 Jul, 2024, 09:57

refreshing not working

Ryan
10 Jul, 2024, 09:57

Do you have the code for createSessionClient()?

Misho
10 Jul, 2024, 09:57

but if I enter the URL from the address bar

Misho
10 Jul, 2024, 09:57
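```typescript
// Client and Account come from the Appwrite SDK, and cookies from "next/headers";
// the imports are not shown in the post.
export async function createSessionClient() {
  const client = new Client()
    .setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT!)
    .setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT!);

  // The session secret is read from the cookie set in the OAuth callback route.
  const session = cookies().get("my-custom-session");
  if (!session || !session.value) {
    throw new Error("No session");
  }

  client.setSession(session.value);

  return {
    get account() {
      return new Account(client);
    },
  };
}
```
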
Ryan
10 Jul, 2024, 09:58

It works if you enter the URL from the address bar?

Misho
10 Jul, 2024, 09:58

yep

Ryan
10 Jul, 2024, 10:00

Try this change after you set the cookie

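```typescript
// Attach the cookie to the redirect response itself.
// As written, no cookie options (httpOnly, secure, sameSite) are passed here.
const response = NextResponse.redirect(`${request.nextUrl.origin}/`);
response.cookies.set("my-custom-session", session.secret);
return response;
```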