Back
node-appwrite sdk not creating session with createEmailPasswordSession
I am creating a new user with node-appwrite in SSR
The docs recommend using AdminClient, but I want to use a regular client (as AdminClient bypasses rate limits)
TypeScript
const session = await account.createEmailPasswordSession(email, password);
This returns the following session without a secret:
TypeScript
session {
'$id': '6748833fdaaa18fa840f',
'$createdAt': '2024-11-28T14:50:39.919+00:00',
'$updatedAt': '2024-11-28T14:50:39.919+00:00',
userId: '6748833e00132201811a',
expire: '2025-11-28T14:50:39.895+00:00',
provider: 'email',
providerUid: 'XXXXXXXXXXXX@XXXXXXXXXXX.com',
providerAccessToken: '',
providerAccessTokenExpiry: '',
providerRefreshToken: '',
ip: '103.XXX.XXX.XXX',
osCode: 'MAC',
osName: 'Mac',
osVersion: '',
clientType: '',
clientCode: '',
clientName: '',
clientVersion: '',
clientEngine: '',
clientEngineVersion: '',
deviceName: 'desktop',
deviceBrand: 'Apple',
deviceModel: '',
countryCode: 'in',
countryName: 'India',
current: true,
factors: [ 'password' ],
secret: '',
mfaUpdatedAt: ''
}
TL;DR
Issue: The developer is trying to create a session with `createEmailPasswordSession` in node-appwrite SDK, but the session returned does not include the `secret` field.
Solution: Unfortunately, creating a session with the regular client may not include the `secret` field, as recommended by the docs. To bypass rate limits and ensure security, developers should use AdminClient, although this means manual rate limit handling. I am using this in Nextjs SSR
If we were to use AdminClient, then it bypasses rate limit, which means, we'll have to handle rate-limit manually
Ideally, session must be created from from regular client too (without need of AdminClient) so Appwrite's existing rate-limits come into play, and take care of security
