#[SOLVED] Overriding cloud provider requirement

I am trying to build the Appwrite adapter for NextAuth.js which provides an easy setup to add authentication to NextJS, Svelte, etc. using different providers and adapters. The adapter connects the database with the front end and you don't have to write any query to create, update, delete, and read any user, session, or token. Adapters have methods defined to query the database.

I created the adapter and tested it locally in isolation and in integration with NextJS, everything worked as expected now I had to write the script which can create a database, create all the collections with attributes and indexes, and create relationships. So far so good but I got stuck at one point, in the test we cannot use credentials to create a project or use an existing project because it will be tested by many different members at NextAuth and they do not want to create an account and project just for testing this adapter. So they said, "We need a way to test it locally without any cloud provider requirement, like Firebase local emulator". As far as I know, even for using self-hosted Appwrite I will need to log in to create a project. Now is there any way we can override authentication? or any alternative

I hope my problem is clear, if not then please let me know. Thanks

Here is the PR you can follow https://github.com/nextauthjs/next-auth/pull/10000

Replied there

You mean like for example, to create the database, collection, etc you use the server SDK, you don't even want to use the token?
Because if you use a token, and then give all permission to the collection you won't need authentication.

In your case, you want to avoid any authentication? (I don't know Fibrebase local emulator)

Read that but still, you need to log into the console running on your local to create a project.

We do need the token otherwise nothing works right. A kind of proxy I don't know 😅 . A way that can let me use all the methods locally and since it is local maybe we can remove authentication to the console, right?

Just to understand, the appwrite instance will be run locally right? or do you pretend to integrate someting similar to CI/automation?

Yes it will run locally.

Is there a way I can set the project ID in the compose file?

What do you want to?

It's like trying to test a MariaDB database without installing it 🤷‍♂️

Not really, the only workaround I can think at this moment, is to expose the mariadb port and run a query, to create a token with the permissions so you can always use the same token, and it will have the permission you need to create the database and all the stuff you need

Apologise if my question was not clear. I know this is not how Appwrite works. I was hoping maybe we can just create a project locally without having to log in like we can do in supabase https://supabase.com/docs/guides/cli/getting-started?platform=linux
anyways thanks for the help. I will try to figure a way out.

That might be helpful thanks

You're welcome, let me know if you get to work this, I think I understand why you need this

So I got to a point where if I could write a few queries to first create a team, then a project with the team in mariaDB then maybe I could use the project UID to invoke the SDK client and test my adapter. Too many things could go wrong but worth a try since I have no other options

You can develop locally. Appwrite has a CLI too.
As you see in the CLI docs you need to install supabase locally with docker. Same happens with appwrite

Then do I have to login to create a project? Because last time I checked I had to login to create a project

Yes, you need to login in your local instance obviously for security reasons. I think supabase doesn't have that, but what's the advantage of omitting that? Also it's not that difficult to login 😅

I know it's not difficult to login but NextAuth members do not want to login just to test the adapter. All the adapters they currently have runs the tests without signing into the local instances.

It should be a fully automated process

I wish I could use my creds in script to authenticate but that's not gonna happen

I would only create the project and the token, when you get the token, you can create anything with the Server SDK

Yes I actually checked the table and it also had the team relationship so maybe it is needed right? or I can just create the project without any team is that possible?

I'm not sure, but I think isn't necessary to have a team, just as you don't need a team to create an account

Aha gotcha! Worth a try. Will keep you posted thanks 🙏

Update:
I tried to back door myself in the DB using some script here and there. But then as I keep patching things up to override the authentication, things are getting much more complex. So I guess it's just not worth it. Now I need to find another way for this.

But one thing is sure that if in future I have enough bandwidth I will try to work on this feature like supabase has

Do you know exactly how supabase do this?

Right now not exactly, but during my exploration I found a few ways that we can use to achieve complete local instance feature

If you find any information to make this happen, please update this topic, so we can give this information to the team, database will have more improvements/features after 1.5

@gray vortex local self-hosting does not require a cloud signup. The signup remains localised to your setup. Is that also a problem?

Yes no auth at all that's what next auth team need, so if you have used Supabase CLI there you can create a project without having to login

cc: @novel sparrow

you should be able to set spin up a self hosted instance in the CI pipeline and then use curl or something similar to create a console account, org, and project. We do this for our E2E tests. i would suggest inspecting the network logs to see what API calls are needed

This has solved my issue, and now I can finish building this adapter, thanks a lot @novel sparrow

Thanks @eternal venture

@novel sparrow is there a better way to check if the appwrite docker container has been successfully connected to the DB and all the collections have been created? Rather than waiting for 20-40 seconds more or less depending on the host device

Is there something wrong in the scopes because after creating the API key I am not able to create the database, here is my script:

response=$(curl -b /tmp/appwrite_adapter_session.txt \
      --location "http://localhost/v1/projects/${PROJECT_ID}/keys" \
      --header 'Content-Type: application/json' \
      --data-raw '{
      "name": "some key",
      "scopes": [
          "users.read",
          "users.write",
          "teams.read",
          "teams.write",
          "databases.read",
          "databases.write",
          "collections.read",
          "collections.write",
          "attributes.read",
          "attributes.write",
          "indexes.read",
          "indexes.write",
          "documents.read",
          "documents.write",
          "files.read",
          "files.write",
          "buckets.read",
          "buckets.write",
          "functions.read",
          "functions.write",
          "execution.read",
          "execution.write",
          "locale.read",
          "avatars.read",
          "health.read",
          "migrations.read",
          "migrations.write"
      ]
  }')
  secret=$(echo "$response" | jq -r '.secret')
  echo "API Key Secret created successfully, writing .env file"
  if [ -f .env ]; then
      sed -i "s/API_KEY_SECRET=.*/API_KEY_SECRET='$secret'/" .env || echo "API_KEY_SECRET='$secret'" >>.env
      exit 0
  fi

And here is the error:

Serialized Error: { code: 401, response: { message: 'User (role: guests) missing scope (databases.write)', code: 401, type: 'general_unauthorized_scope', version: '1.4.13' } }

Error means you're not logged in. I think there's another flag needed for the cookie

If I recall correctly, 1 flag is for requests and another is for response

Actually I am getting this error when I use node sdk. When I use this generated API key to create a client instance and use that to create the database at that moment I am getting this error

Also I checked the console to make sure if all the 27 scopes were selected for this API key, it was all there

What's the code and error?

This is the code:

import { AppwriteAdapter, AppwriteAdapterOptions, formatter } from "../src";
import { Client, Databases, ID, Query } from "node-appwrite";

const config: AppwriteAdapterOptions = {
    endpoint: process.env.ENDPOINT as string,
    project_id: process.env.PROJECT_ID as string,
    api_key_secret: process.env.API_KEY_SECRET as string,
    database_id: "",
    user_collection_id: "",
    session_collection_id: "",
    account_collection_id: "",
    verification_token_collection_id: "",
}

const client = new Client();

client
    .setEndpoint(config.endpoint)
    .setProject(config.project_id)
    .setKey(config.api_key_secret);


const database = new Databases(client);
const database_id = ID.unique();

await database.create(database_id, "Auth TEST Database")

Error:

Serialized Error: { code: 401, response: { message: 'User (role: guests) missing scope (databases.write)', code: 401, type: 'general_unauthorized_scope', version: '1.4.13' } }

Can you try logging all your environment variables before passing them to the client?

Yes did that and all the variables have the value

No extra spaces anywhere? The error you're seeing means the key is invalid. Not even missing scopes.

No extra spaces and also used the trim function and still getting the same error

You're copying the key from the console?

No generating them by calling the API in the shell script

here is the project https://github.com/sourabpramanik/next-auth/tree/feat/appwrite-adapter/packages/adapter-appwrite

Check the console and compare

Yes both are same

Here is the script https://github.com/sourabpramanik/next-auth/blob/feat/appwrite-adapter/packages/adapter-appwrite/test/setup.sh

Works well, bit of redundancies are there but does the job for now

@novel sparrow Error log from the SDK

Ya this error means the key is invalid. Maybe because of the project id or key

I'll try this out later today

I appreciate that, thank you

Didn't get a chance today but will try tomorrow

sure no problem✌️

ok so i ran your base-test.sh and it generated the API key correctly

i used the API key and manually made a curl call to list databases and that worked

Yes I tested that in curl it works but why not with the SDK?

can you share your curl vs the error log output from your script?

Here

For curl I don't see any error

I meant the curl request/command that you made

Sorry it was a mistake from my end, when I run the curl request to create the database I get the same error [email protected] (role: users) missing scope (databases.write)

Ok I found the issue, the curl request fails because of the missing header x-appwrite-mode=admin and so this error is thrown

And for Node SDK this header is missing https://github.com/appwrite/sdk-for-node/blob/b1039ace76f42f82b7b4635ff41fe724176727a3/lib/client.js#L10C1-L23C6

admin mode should only be required when using a console cookie

"role: users" means you're authenticated as an end user

Got that

Finally solved all the problems thanks a lot @novel sparrow if not for you I would have suffered long

What was the problem?

After generating the Api key I was not sourcing the .env file and because of which the SDK was using the old Api key.

Ahhhhh that makes sense