#401 general_unauthorized_scope: role applications v1.6.0

lone wraith

Hey folks,
I'm trying to handle auth on the server side in my SvelteKit app. I was able to successfully create a session with createSession() and store the sessionId and userId as http-only cookies. I'm getting them in hooks.server.ts and trying to verify the session with getSession(sessionId).
However, I get an error of 401, 'general_unauthorized_scope', (role: applications) missing scope (account)
Any leads?

dire hawk

getSession is only available on clients set up with a user session on them. Ideally, you would have an admin client initialized with an API key and a session client initialized with the user session.

You would use the admin client to create a session and set that session secret on a new session client. This way you are acting on behalf of the current user and not an API key for everyone.
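
The two-client split described in this thread, as an added example that is not code from either poster or from the Appwrite project. It assumes the `node-appwrite` server SDK is passed in as `sdk`, that login uses `createEmailPasswordSession`, and that the cookie name `app_session` and the `cfg` keys are hypothetical; `cookies` is SvelteKit's `event.cookies`.

```javascript
// Added example. `sdk` is the imported node-appwrite module, passed in so the
// factories can also be exercised with a stand-in. Names below are assumptions.
const SESSION_COOKIE = 'app_session'; // hypothetical cookie name

// Admin client: authenticated by API key, no user context.
// Used only to create the session, never for account.get()/getSession().
function createAdminClient(sdk, cfg) {
  const client = new sdk.Client()
    .setEndpoint(cfg.endpoint)
    .setProject(cfg.projectId)
    .setKey(cfg.apiKey);
  return { account: new sdk.Account(client) };
}

// Session client: carries the user's session secret and never the API key,
// so every call runs with that user's permissions only.
function createSessionClient(sdk, cfg, sessionSecret) {
  if (!sessionSecret) return null; // no cookie: anonymous request
  const client = new sdk.Client()
    .setEndpoint(cfg.endpoint)
    .setProject(cfg.projectId)
    .setSession(sessionSecret);
  return { account: new sdk.Account(client) };
}

// Login action: the admin client creates the session, and the session
// secret (not the session id) goes into an http-only cookie.
async function login(sdk, cfg, cookies, email, password) {
  const { account } = createAdminClient(sdk, cfg);
  const session = await account.createEmailPasswordSession(email, password);
  cookies.set(SESSION_COOKIE, session.secret, {
    path: '/', httpOnly: true, secure: true, sameSite: 'strict',
    expires: new Date(session.expire),
  });
}

// Per-request check for hooks.server.ts: returns the user or null.
async function resolveUser(sdk, cfg, cookies) {
  const sessionClient = createSessionClient(sdk, cfg, cookies.get(SESSION_COOKIE));
  if (!sessionClient) return null;
  try {
    return await sessionClient.account.get();
  } catch {
    cookies.delete(SESSION_COOKIE, { path: '/' }); // expired or revoked session
    return null;
  }
}
```

In `hooks.server.ts`, the `handle` function would assign the result of `resolveUser(...)` to `event.locals.user` before calling `resolve(event)`.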