# Access Astro.cookies in .ts file
The Astro global is only available inside .astro files, but you can pass it as an argument to your functions
I've been reading up on middleware - it looks like I should be able to access it there also... about to experiment
Kindly let me know how that goes
Well - I'm still not getting very far - have posted this, as I'm using supabase https://www.reddit.com/r/Supabase/comments/175c8o5/oauth_pkce_flow/
I planned to use the middleware for authentication. Check the cookies etc in the middleware.... but I need to get the auth working.
I got a demo working if it helps here is the link.
https://github.com/kevinzunigacuellar/astro-supabase
Oh wow! Thanks! - and does this use PKCE server side?
it does. I took a whole afternoon to find out that pkce was an option
I tried to make the code as simple as possible to follow up. Let me know if there is something that it can improve
This is brilliant! thanks! I've been trying to get it to work with oAuth (google) and the code - it seems to want to do the verification / exchange client side. This gives me some direction - thank you, I shall try and figure the rest out
it can be done both ways. I am not sure if there is a recommended way. the example does it server side, just so I do not have to include the supabase library on the client
In order for the oAuth stuff to work - I have to kick it off on the client. Google (or github etc) will return a code - to the server - I then need to use the supabase library on the server, to swap the code for a token and refresh token. The problem is, because stuff is kicked off client side - the server doesn't know about the verification used so cannot verify the token...
Unless I can find a way to get the verification to the server...
Hang on - I didn't take a proper look earlier as I was reading bedtime stories etc - but you include a github oauth example, this looks exactly what I need!
This is perfect!
I have a strange one with the github link - it's dropping the h off https...
signin:1 Failed to launch 'ttps://bvmcjqurk...." because the scheme does not have a registered handler.
I'm puzzled what could be causing this - will do some more digging. I swapped the vercel adaptor for the node adaptor - dunno if that could be the cause?
yeah - I checked that... it's all ok
this is the url that is built by supabase.auth.signInWithOAuth
so I just added an 'h' to the start of the data.url string... that got so far, the fetch within the goauth library threw an error (all testing locally)
Found it - I'm an idiot... I can't cut and paste the supabase base url.... sorry
Perfect!! this works
so, I'm now figuring out how to handle the situation if you're already signed in to github/google etc, and writing some documentation
I've found a bug that only seems to affect safari... if already signed into the oauth provider, the redirect code is returned, it's decoded, but it's either not written to the cookie, or the write can't be read elsewhere. It's very odd. Doing some more digging, this is fun - more fun than the day job
This is interesting. Does it only happen with oauth?
I am thinking it is something on the cookie options
Yes - it seems to be only with oAuth
I will see if I can access the cookie directly from the header
ok - they are set by auth/github - and I can read and log them out. It doesn't look like they're passing into middleware.
will play with cookie options
ok - yes... in auth/github, auth/google etc if I comment out secure, it works
```ts
cookies.set("sb-access-token", access_token, {
  path: "/",
  // secure: true,
  httpOnly: true,
});
cookies.set("sb-refresh-token", refresh_token, {
  path: "/",
  // secure: true,
  httpOnly: true,
});
```
In this context - I'm not sure what the implications are of making the cookies insecure. They are made secure again in the middleware.
In middleware I also have to add .value on
```ts
const { data, error } = await supabase.auth.setSession({
  refresh_token: refreshToken,
  access_token: accessToken,
});
```
becomes
```ts
const { data, error } = await supabase.auth.setSession({
  refresh_token: refreshToken.value,
  access_token: accessToken.value,
});
```
Ah! According to my mate Dave - "Safari doesn't allow setting https cookies on http connections, even on localhost"
so I shall try with ngrok
Ah good to know, I will be removing the https in the basic implementation just in case someone is following the example in safari
That's strict off, isn't it
I'm going to set a server up with letsencrypt to test that it really is the issue
It didn't work with ngrok
I probably will end up hosting my app on vercel - although I don't really like vendor locking, I'm using supabase... so in truth, I'm locked in
I had the same problem. I believe the Supabase docs need some updating in this regard! Same with custom flow storage. I resorted to using Persistent Nanostores when Astro removed the localStorage shim from the api endpoints...
I see. I can follow up this feedback to the supabase people