
Hey, I'm using the Appwrite SDK for Node.js, and while I'm trying to get a user's sessions it's giving an unauthorized role error. Can anyone help me with this?

As said in #👷│maintainers, it means you aren't logged in.

Also, what are you using, the SDK or REST API?

SDK

Then don't use the REST API tag. It's not the same. What does your code look like?

I'm using the SDK in REST APIs.

// Appwrite server SDK for Node.js
const sdk = require('node-appwrite');
const authMiddleware = (client) => {
  console.log('hiiiiiiiiiiiii');
  return async (req, res, next) => {
    console.log(req);
    // Session ID is expected in a custom request header
    const sessionId = req.headers['session-id'];
    if (!sessionId) {
      return res.status(401).send('Unauthorized: No session ID provided');
    }
    console.log(sessionId);
    const users = new sdk.Account(client);
    try {
      // Check if the session exists for the user
      const session = await users.getSession(sessionId);
      console.log(session);
      if (!session || session.$id !== sessionId) {
        return res.status(401).send('Unauthorized: Invalid session');
      }
      req.userId = session.userId;
      next();
    } catch (error) {
      console.error('Authorization Error:', error.message);
      return res.status(401).send('Unauthorized: Invalid session');
    }
  };
};

This is my middleware function, but when I am trying to get the session it is giving an error.

And where does the user log in?

There is another API for user login.

In the response I got a session object. From that object I am sending the session ID in headers to another API from Postman.

Are you sure that the middleware is getting the session-id header?

Yes, I am sending it in the header from Postman and using the debugger.

const session = await users.getSession(sessionId); On this line I got the error:

Authorization Error: app.66fcf60100140e524d82@service.cloud.appwrite.io (role: applications) missing scope (account)

What does console.log(sessionId) say?

It's returning the sessionId that I've sent through headers.

Only thing I can think of is that the session ID isn't the actual session ID. What I'd rather do is set the JWT from the session secret as an HttpOnly cookie and use that JWT with account.get() instead.

@D5 any idea?

I'm doing this without a frontend. I am hitting APIs one after another, so in another API, to validate the user we have to validate the session also.

For that I think that you need to use the server-side SDK or API with a valid API key. Be careful with that, as it can't be done client side since the API key needs to be secured and not known by the client.
If you need to interact like a user server side, you can probably follow the SSR tutorial in order to handle auth server side: https://appwrite.io/docs/products/auth/server-side-rendering
