https://www.ory.sh/ logo
Join Slack
Powered by
I’ve been having a hard time getting Ory integrate...
# ory-network
s
I’ve been having a hard time getting Ory integrated into a modern NextJS app. I was getting a CORS error when I was requesting 
GET <https://hidden.projects.oryapis.com/self-service/login/browser>
to render the login form. But then I ran the following and that problem went away:
Copy code
ory patch project my-id \
  --replace '/cors_public/enabled=true' \
  --replace '/cors_public/origins=["https://*.<http://vercel.app|vercel.app>"]'
However, when I submit my login form, my browser attempts 
POST <https://hidden.projects.oryapis.com/self-service/login?flow=hidden>
and the pre-flight OPTIONS request lacks any CORS header, making my browser reject the request. Code in 🧵
Copy code
import { Configuration, FrontendApi, Session, Identity } from '@ory/client'; // 1.20.4

// Create a new Ory SDK instance for client-side use
export const ory = new FrontendApi(
  new Configuration({
    basePath: CONFIG.auth.api.frontendUrl,
    baseOptions: {
      withCredentials: true,
      headers: {
        Accept: "application/json",
        "Content-Type": "application/json",
      },
    },
  })
);

// ... in component

const [flow, setFlow] = useState<LoginFlow | null>(null);

useEffect(() => {
  const initFlow = async () => {
    const { data } = await ory.createBrowserLoginFlow();
    setFlow(data);
  };

  initFlow();
}, []);

const handleSubmit = async (event: React.FormEvent<HTMLFormElement>) => {
  event.preventDefault();
  if (!flow) { return; }
  
  try {
    const formData = new FormData(event.currentTarget);
    
    // Find the CSRF token input node
    const csrfToken = ...
    
    if (!csrfToken) {
      console.error('Missing CSRF token in flow:', {
        hasNodes: !!flow.ui?.nodes,
        nodeCount: flow.ui?.nodes?.length
      });
      throw new Error('Missing CSRF token');
    }

    await ory.updateLoginFlow(
      {
        flow: flow.id,
        updateLoginFlowBody: {
          method: "password",
          identifier: formData.get("identifier") as string,
          password: formData.get("password") as string,
          csrf_token: csrfToken,
        },
      },
      {
        withCredentials: true,
      }
    );

    // ... do things over here
  } catch (err) {
    console.error('Failed to update login flow:', err);
  }
}
m
s
@magnificent-energy-493 thanks, yes, I took a dive last night trying to use that. it seems quite broken, e.g. if you open it via https://github.dev/ory/elements/tree/main/examples/nextjs-app-router, it appears that none of the types line up
the package.json lists:
Copy code
"@ory/nextjs": "*",
    "@ory/elements-react": "*",
I’m not sure what versions are expected to work in this example.
pinning 
@ory/elements-react
to 
"^1.0.0-next.41"
seems to be a good start
Following up on this, I’m now doing well. thanks
m
@swift-processor-51967 what was the solution?
s
Namely to specify the versions:
Copy code
"@ory/elements-react": "^1.0.0-next.41",
    "@ory/nextjs": "^1.0.0-next.5",
Additionally, there was a bit of catchup for me on what exactly was changing here vs the old way of integrating NextJS. Namely, the middleware. The fact that I no longer need Ory Tunnel or a different approach between dev vs prod (which I found confusing) or local vs deployed is pretty huge, I think the docs kind of bury the lede on that. There are still some API operations that I need to port, but am happy with this new direction!
m
Thanks that feedback helps! We are looking to fix the version soon/do a proper release. For the rest, something to keep in mind when we update the docs there, FYI @bland-eye-99092
2 Views
Open in Slack
PreviousNext
Powered by