fix: update basePath config in index.js #1485
Conversation
AFAI understood, the basePath in the SDK configuration should point to the proxy and not to <slug>.projects.oryapis.com. When pointing to oryapis.com or the ORY_SDK_URL, the login works, but when you want to add the logout, you get an error (Unable to log out because the logout token in the URL query does not match the session cookie.)
OryTiki
requested review from
aeneasr,
zepatrik,
piotrmsc and
Benehiko
as code owners
| @@ -9,7 +9,7 @@ var sdk = require("@ory/client") | |||
| var ory = new sdk.FrontendApi( | |||
| new sdk.Configuration({ | |||
| basePath: | |||
| process.env.ORY_SDK_URL || "https://playground.projects.oryapis.com", | |||
| "http://localhost:4000/.ory", | |||
There was a problem hiding this comment.
This API call doesn't need to go though the proxy - so it's easier / better / more flexible if it just points to the regular SDK url. I think this was fine the way it was, or did you encounter any issues?
There was a problem hiding this comment.
I did encounter an issue (on localhost) when trying to implement the logout method via createBrowserLogoutFlow. Redirecting the user to the provided logout_url, led to the error: Unable to log out because the logout token in the URL query does not match the session cookie.
My fix was to set the basePath to localhost:4000. After that change, the logout_url is working as desired
There was a problem hiding this comment.
maybe the guide is inconsistent with the example code. or it has been changed.
I don't think this example uses the integrations package to proxy requests to itself and thus you need to spin up the proxy / tunnel externally.
Using the upstream Ory APIs would thus give infinite redirect loops since the cookie is not set correctly. So i think this change is actually correct.
There was a problem hiding this comment.
Why is the CI then failing? :D
The set up for this app is ory proxy -> node app iirc. The node app calling the ory APIs will not send any cookies anyways. I don't think this makes sense to loop it again through the proxy: ory proxy->node app->ory proxy->oryapis.com
We only need the proxy for the browser to send the right cookies. The node app doesn't send cookies anyways (because it's an SDK client). It can only forward those that were included in the incoming request.
Will need to look into the reason why logout_url isn't working though
|
closing this but should be investigated |
|
If it needs investigation please create an issue or keep this open! |
AFAI understood, the basePath in the SDK configuration should point to the proxy and not to .projects.oryapis.com. When pointing to oryapis.com or the ORY_SDK_URL, the login works, but calling
createBrowserLogoutFlowreturns a logout url, which leads to an error (Unable to log out because the logout token in the URL query does not match the session cookie).TBH I'm not sure if the basePath should point to
http://localhost:4000/.oryorhttp://localhost:4000