[WIP] Adds a very basic POC for http-only cookies #146
Conversation
import { auth } from '../../utils/initSupabase' | ||
import Router from 'next/router' | ||
|
||
export default function handler(req, res) { |
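Review bot: `import Router from 'next/router'` is the client-side router and does nothing inside an API route handler; if the route needs to send the browser on after setting the cookie, do it server-side with `res.writeHead(302, { Location: '/' }); res.end()` and drop the import unless it is used elsewhere in this file.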
This server route should "receive" the auth redirects from GoTrue and save an http-only cookie
import { auth } from '../../utils/initSupabase' | ||
|
||
// Example of how to verify and get user data server-side. | ||
const getUser = async (req, res) => { |
This route should be able to pluck the session data from the cookie
async function handleEmailSignIn() { | ||
let { error, user } = await auth.signIn( | ||
{ email, password }, | ||
{ redirectTo: 'http://localhost:3000/api/auth' } |
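Review bot: `redirectTo: 'http://localhost:3000/api/auth'` hardcodes a plain-http dev origin into the sign-in call; derive it from the deployment's own origin (an env var or `window.location.origin`) so a production build does not send tokens to localhost, and whatever origin is used must also be listed in `GOTRUE_URI_ALLOW_LIST` on the GoTrue side or the redirect is refused.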
Here we are logging in, but telling the GoTrue server to send our authenticated requests to our server-side route so that it can set an HTTP cookie
@kangmingtay @awalias is this setting working? I'm not sure if the requests are being redirected after creating the user
Yup, it is working; the logs in the docker container should show the redirect url used. You'll also need to whitelist http://localhost:3000 in the docker-compose file inside the autoconfirm container by setting GOTRUE_URI_ALLOW_LIST: http://localhost:3000 inside the environment.
@@ -1,6 +1,21 @@ | |||
# docker-compose.yml | |||
version: '3' | |||
services: | |||
kong: |
Needed to add kong for CORS support
Sidenote: is this another regression? Previously my react example was working without kong
|
||
// Example of how to verify and get user data server-side. | ||
const getUser = async (req, res) => { | ||
const { user, error } = await auth.api.getUserByCookie(req) |
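Review bot: `res` is unused in `getUser`, and `auth.api.getUserByCookie(req)` goes out to the GoTrue server on every call; either drop the unused parameter or use it to clear the cookie when `error` is set, and consider checking the session from the cookie contents locally (or caching the lookup) so a page request does not cost a network round trip each time.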
Currently this sends an API request to the gotrue server every time it's called. I need to check how auth0 does this. What auth0 method do we use to check for authenticated user?
auth0 uses a method called getSession, which gets the user's session from the request to check if the user is authenticated.
Closing in favour of #211