Back
node-appwrite sdk not creating session with createEmailPasswordSession
I am creating a new user with node-appwrite in SSR
The docs recommend using AdminClient, but I want to use a regular client (as AdminClient bypasses rate limits)
TypeScript
const session = await account.createEmailPasswordSession(email, password);
This returns the following session without a secret:
TypeScript
session {
'$id': '6748833fdaaa18fa840f',
'$createdAt': '2024-11-28T14:50:39.919+00:00',
'$updatedAt': '2024-11-28T14:50:39.919+00:00',
userId: '6748833e00132201811a',
expire: '2025-11-28T14:50:39.895+00:00',
provider: 'email',
providerUid: 'XXXXXXXXXXXX@XXXXXXXXXXX.com',
providerAccessToken: '',
providerAccessTokenExpiry: '',
providerRefreshToken: '',
ip: '103.XXX.XXX.XXX',
osCode: 'MAC',
osName: 'Mac',
osVersion: '',
clientType: '',
clientCode: '',
clientName: '',
clientVersion: '',
clientEngine: '',
clientEngineVersion: '',
deviceName: 'desktop',
deviceBrand: 'Apple',
deviceModel: '',
countryCode: 'in',
countryName: 'India',
current: true,
factors: [ 'password' ],
secret: '',
mfaUpdatedAt: ''
}
TL;DR
Issue: The developer is trying to create a session with `createEmailPasswordSession` in node-appwrite SDK, but the session returned does not include the `secret` field.
Solution: Unfortunately, creating a session with the regular client may not include the `secret` field, as recommended by the docs. To bypass rate limits and ensure security, developers should use AdminClient, although this means manual rate limit handling.I am using this in Nextjs SSR
If we were to use AdminClient, then it bypasses rate limit, which means, we'll have to handle rate-limit manually
Ideally, session must be created from from regular client too (without need of AdminClient) so Appwrite's existing rate-limits come into play, and take care of security
