Back
Authentication flow using CreateEmailToken() / CreateSession(): empty AccessToken and RefreshToken
Hey all,
I am using the .NET SDK for Appwrite v1.7.4 and are working on an authentication / login flow. The process:
- User logs in with mail
- Backend calls Appwrite.CreateEmailToken()
- If ok notify user 3b: servers sents mail, possibly creates user
- User waits for mail to get his secret (OTP, 6 characters)
- Users enters secret
- Backend checks secret with Appwrite.CreateSession() and gets a session
My problem is the general flow ... is off. The session does not provide me with an AccessToken or RefreshToken. Meaning they are empty. It does contain some kind of secret. The earlier generated token also contains a secret I believe.
How do I retrieve the access and refresh tokens? Is the process working differently? Who is handling the token refresh? How long is the token valid? Do I authenticate the user "again" (after he comes back) with the secrets? How do I do that? How long are they valid? ...
TL;DR
Developers using Appwrite SDK for .NET facing issue with empty AccessToken and RefreshToken in the authentication flow using CreateEmailToken() and CreateSession(). Tokens are not provided in the session. To resolve this, check the response from CreateSession() to extract the token information. The process of token refresh is handled automatically by Appwrite. After the user receives the secret via email, they need to enter it and the backend should verify it using CreateSession(). The tokens have a default validity period.