Hey there,
First off, I just want to say that Directus has been such a joy to work with. I'm really hoping I can start using it as a backend for any projects going forward.
I'm creating a boilerplate integrating SvelteKit (frontend/backend) with Directus (backend/API), using the Directus SDK v11. Lots of frustration around user authentication — specifically, the access_token and refresh_token cookies are not created. Taking lessons from many related GitHub issues and Discord comments, this is where I'm at.
Local https setup to allow secure cookie transfer:
- Directus, hosted at https://directus.local with Caddy
- SvelteKit, running on https://localhost:5173 via mkcert (tried using Caddy but I couldn't figure out the right configuration for an isomorphic app. The first route would load, then any subsequent route would complain about the cert.)
So both parts of the stack are running on https, but now I have a domain mismatch. To address this, I added 'https://localhost:5173' to the CORS_ORIGIN environment variable in my Directus setup.
Here's one thing of interest. If I log in to the Directus admin panel directly, using the URL provided by Caddy (https://directus.local), no cookie is created, so if I refresh the page, I'm logged out. If I visit the admin panel with the usual http://localhost:8055, the cookie is created. I tried setting REFRESH_TOKEN_COOKIE_DOMAIN to directus.local, but that didn't resolve it.
Questions:
- Does anyone have any suggestions I could try, or is anyone willing to spend any time with me to troubleshoot?
- Has anyone successfully created a user auth flow between SvelteKit and the Directus SDK that works locally? Please share your thoughts! I believe once the cookies are being created properly everything will work as expected.
Thanks so much!