Skip to content
Announcing the Appwrite X MongoDB partnership
Start building
Back

(role: applications) missing scope (public)

  • 0
  • Cloud
View on Discord
Andy Carvajal
2 Oct, 2024, 19:26

Iam stuck with this, in nextjs 14 with ssr. When one user is invited, send email invitation delivered ok, this verification go to public route /verify, with form to change password and update membership, but click to send buton, with admin client (with api key) return (role: applications) missing scope (public).

My Create Admin Client

TypeScript
export async function createAdminClient(secret?: string) {
  const client = new Client()
    .setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT as string)
    .setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT as string)
    .setKey(process.env.NEXT_APPWRITE_KEY as string);

  if (secret) {
    client.setSession(secret);
  }

  return {
    get account() {
      return new Account(client);
    },
    get ID() {
      return ID;
    },
    get db() {
      return new Databases(client);
    },
    get users() {
      return new Users(client);
    },
    get client() {
      return client;
    },
    get team() {
      return new Teams(client);
    },
  };
}

My server action

TypeScript
'use server';
async function resetPasswordAction(formData: FormData) {
  const { team, account: adminAccount } = await createAdminClient();

  try {
    const formObj = Object.fromEntries(formData.entries());

    const resetPasswordData = resetPasswordSchema.safeParse(formObj);

    if (resetPasswordData.error) {
      console.error(resetPasswordData.error);
      throw new Error(
        'Error al validar los datos de entrada, intenta nuevamente.'
      );
    }

    // For invitation to team
    if (
      resetPasswordData.data?.membershipId &&
      resetPasswordData.data?.teamId &&
      resetPasswordData.data?.userId &&
      resetPasswordData.data?.secret
    ) {
      const membershipUpdate = await team.updateMembershipStatus(
        resetPasswordData.data.teamId,
        resetPasswordData.data.membershipId,
        resetPasswordData.data.userId,
        resetPasswordData.data.secret
      );
TL;DR
Developers encountered a scope issue while using the admin client to make calls in a Next.js 14 SSR application. The error "missing scope (public)" was triggered when trying to update membership status. This happens because `team.updateMembershipStatus()` should be executed without a session or API key. Solution: Update the `createAdminClient` function to provide a client without the API key for the mentioned call, ensuring it is executed without authentication.
Steven
2 Oct, 2024, 19:31

FYI, it's best to wrap code in backticks to format a bit nicer. You can use 1 backtick for inline code (https://www.markdownguide.org/basic-syntax/#code) and 3 backticks for multiline code (https://www.markdownguide.org/extended-syntax/#syntax-highlighting).

Steven
2 Oct, 2024, 19:32

team.updateMembershipStatus() is meant to be executed without any session or API key. You can't use the admin client to make that call

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more