Start building
Star on GitHub 47K Start building
Back

Question regarding oauth usage of createOAuth2Token while doing SSR

  • 0
  • Web
  • Auth
  • Apple
  • Self Hosted
  • REST API
View on Discord
discorrrdbomba
25 Mar, 2025, 19:19

i am using createOAuth2Toke successfully with google chrome, for a couple of providers. I am facing the "user object is empty after successfully creating the oauth session" issue on safari and for example duckduckgo (which i think is because its just another wrapper of the safari browser on macOS), which is described here: https://appwrite.io/blog/post/fixing-oauth2-issues-in-appwrite-cloud

I am on self hosted - even though the article blog post is talking about the cloud, i think its valid also for self hosting (correct me if I am wrong please). Now my thing is when receiving the userId and secret created using createOAuth2Token which then get processed on the api/route (passed as success path to the createOAuth2Token function) on the server-side and trying to create the session using createSession with the just received credentials, it seems like the browser (safari for example) does not allow the cookie to be set - but i cant understand why, since my app is on the same domain (board.example.com) as the self hosted appwrite server (apw.example.com)...

Same issue on localhost - signing in using an oauth provider works when using google chrome, but doesnt work using safari/duckduckgo - so i think it really must have to do with Access-Control-Allow-Origin headers, but then I have two different appwrite projects running within my appwrite organization, having one platform with hostname: "localhost,apw.example.com" and the other one for my production application with hostname: "board.example.com,apw.example.com" ..so again, I can not understand why it should treat the thing as third party...

maybe someone could help me on this?

TL;DR
Developers are experiencing an issue with creating OAuth2 tokens while doing server-side rendering (SSR). The problem arises with browsers like Safari and DuckDuckGo not allowing cookies to be set, causing the "user object is empty after successfully creating the OAuth session" error. This could be due to Access-Control-Allow-Origin headers or having multiple hostnames for one platform. It's important to ensure each platform is assigned to a single hostname. Check and adjust the configurations accordingly to resolve the issue.
Steven
25 Mar, 2025, 19:26

What exactly is giving you "user object is empty after successfully creating the oauth session"? I don't think i've seen this before

Steven
25 Mar, 2025, 19:26

you said:

it seems like the browser (safari for example) does not allow the cookie to be set

Can you share what you did and some details about what is going on?

Steven
25 Mar, 2025, 19:27

Same issue on localhost

Localhost will surely have problems with 3rd party cookies

Steven
25 Mar, 2025, 19:28

having one platform with hostname: "localhost,apw.example.com"

You can't have multiple comma separated hostnames. 1 platform should be for 1 hostname

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more