
[SOLVED] Just A Small Question

  • 1
  • General
  • Auth
  • Cloud
Ryan Baig
1 Oct, 2024, 08:34

so, when you create an OAuth2 Session, it asks for callback functions, one for success and failure. So after the OAuth2 (for ex. Google) is granted, does it send a header, a cookie, or something else to the callback?

TL;DR
There are two flows for OAuth in the context of creating OAuth2 sessions and tokens.

**Flow 1 (createOAuth2Session):**

  • Simplifies setup but may fail on browsers with 3rd party cookie issues.
  • Suggested solution is to use OAuth tokens or define a custom domain in project settings.

**Flow 2 (createOAuth2Token):**

  • Similar to JWT, does not rely on 3rd party cookies but is more complex to set up.

When creating an OAuth2 session and specifying callback functions for success and failure, after the OAuth2 authorization is granted, it sends a token and a userId as
Ryan Baig
1 Oct, 2024, 08:38

I can't find anything about it in the docs / reference

Meldiron
1 Oct, 2024, 08:42

There are 2 flows for OAuth:

  1. account.createOAuth2Session(). The flow is as follows:
  • Visitor comes to myapp.com
  • Visitor is redirected to cloud.appwrite.io
  • Visitor is redirected to login.google.com (not sure what's exact domain)
  • Visitor logs in and authorizes access
  • Visitor is redirected to cloud.appwrite.io
  • Session created, and cookie is set for cloud.appwrite.io domain
  • Visitor is redirected to myapp.com/success (success URL set as 2nd param)

Benefits:

  • Easy to set up

Downside:

  • Browsers with 3rd party cookies can fail - cookie is set on cloud.appwrite.io so myapp.com can't see it. Solution is to either use OAuth tokens (below), or define custom domain in your project settings - so instead of cloud.appwrite.io you use appwrite.myapp.com, so now the cookie is on same domain

  2. account.createOAuth2Token(). Goes like this:

--- Same beginning start ---

  • Visitor comes to myapp.com
  • Visitor is redirected to cloud.appwrite.io
  • Visitor is redirected to login.google.com (not sure what's exact domain)
  • Visitor logs in and authorizes access
  • Visitor is redirected to cloud.appwrite.io

--- Same beginning end ---

  • Session created, and token generated
  • Visitor is redirected to myapp.com/success?token=X&userId=X (success URL set as 2nd param)
  • Website automatically takes token and userId from path, and runs account.createSession()

Benefits:

  • Flow similar to JWT - doesn't rely on 3rd party cookies - works in any browser

Downsides:

  • More complex to set up

Ryan Baig
1 Oct, 2024, 08:44

oh ok

Ryan Baig
1 Oct, 2024, 08:44

thanks

Ryan Baig
1 Oct, 2024, 08:46

[SOLVED] Just A Small Question
