https://www.ory.sh/ logo
Join Slack
Powered by
We have been using Ory for the past year and very ...
# _newcomer
m
We have been using Ory for the past year and very happy with it. We have a react native client that works seamlessly. Recently we have been working on a flutter web client and facing some issues using the sdk - what would be the best place to get help on this subject?
m
Hello @magnificent-oxygen-19823 What kind of help are you looking for exactly? Generally there are two ways to get support when you are self-hosting Ory community support, which is asking nicely here and on GitHub or professional support - which is paid and delivered by the Ory team directly. When you are using Ory Network it depends on the support included in your plan.
m
Hey Vincent. We have a self-hosted ory instance and a dedicated authentication app that is a next js app. Both these work fine and we use them in production today. We have a new flutter web client that is using the ory-sdk in dart for flutter web and having issues with cookies being properly set after being redirected back to our app from our auth app. We have tried so many things, been through all the issues on github - it seems like the use of 
withCredentials: true
in Dio is not working as expected. We have tested and verified that this is infact an issue with our client and not the server - if we run this command in the console under the same domain - we get a response but via the flutter app we get a CORS issue and noticed the headers with cookies are not being set.
Copy code
fetch('<https://accounts05.bullbitcoin.dev/api/.ory/sessions/whoami>', {credentials: 'include'}).then((res) => { return res.json() }).then((data) => { console.log(data) })
I was going to open an issue on Github but saw that you guys have a community slack so I thought I'd come here first.
one thing we noticed; which maybe worth adding to the docs and might also be the issue with the sdk is that for browser clients we have to use 
DioForBrowser
and not just standard 
Dio
- looks like ory-sdk uses standard 
Dio
everywhere. There was a moment last week where we got things to work but for some reason now its back to not working as expected.
we tested adding 
withCredentials
in multiple places: • in Dio's BaseOptions • in BrowserHttpAdapter (as stated in the docs) • in the call to 
toSession
as 
extra
We have tried combinations of just 1 of the above, pairs of 2, and in all 3 places; none of them have given an expected result.
I was just about to try making these calls ourselves via httpClient and not using the ory-sdk for now; since all we use are the 
whoami
endpoints for Login and the logout endpoint in our dart client - but long term it would be good to fix this in the sdk (assuming thats where the issue is and not our implementation)
m
Hmm I see, yes there are some small bugs in the Dart SDK I think - in most cases connected to the openapi-generator that we use to create the SDK. We have been looking to hire someone to work on these openaigen issues, at the moment search is still ongoing - so if you know someone https://www.ory.sh/jobs/ 🙏 will check a bit if I can help with your immediate issue, but I also don't have a lot of experience here.
m
Okay. I'll pass the job link to a few dart engineers I know.
Hey just want to post an update here
we fixed the CORS issue we were having after 2 days of trying so many different things
the problem was that our client was sending too many headers
if anyone in the future has a cors issue; suggest they try without sending any header from the client
m
Thanks for the update Ishi - if you have an idea where this tip would fit best in the docs let me know, I added it to my list of things to add
m
Maybe under a 
Common client side Issues
section?
taking a look at the existing docs
techncially the docs you have for the flutter example works as expected. Its just if clients deviate from that - which most usually will to fit their application structure - they should always keep in mind: • 
DO NOT add Access-Contol-*
headers in an attempt to fix a cors issue - it will only make the problem worse as its basically asking the browser to be more strict with its cors protection • Other standard headers like 
Authorization
could also cause an issue - we had Basic auth enabled on our staging servers but the ory endpoints did not need it and it can be problematic in preflight 
OPTIONS
calls When we fixed our issue i removed 
Content-Type
and 
Authorization
; but i have a feeling 
Content-Type
was still okay - i will re add it and see if the issue persists.
This is also assuming that they have configured the server correctly - in our case the server was configured correctly to allow our domains; and on localhost the port is also important. If your client is running at 
localhost:3000
the 
Allowed-Origins
header should specify the port as well; just 
localhost
will not work.
also; one way to test from is running this command from your browsers console;
Copy code
await fetch('https://$YOUR_BASE_URL/api/.ory/sessions/whoami', {credentials: 'include'}).then((res) => { return res.json() }).then((data) => { console.log(data) })
This was always working for us when we ran it from our browser console while on the whitelisted domain; running it on any other website would fail (correctly) This will let you know whether the issue is the client or the server; and this command has no headers set.
2 Views
Open in Slack
PreviousNext
Powered by