https://www.ory.sh/ logo
Join Slack
Powered by
Hello team! I am new to Ory and currently investi...
# _newcomer
e
Hello team! I am new to Ory and currently investigating how does it work and trying to figure out functionality. I started with Ory Quickstart for next.js application and it worked like a charm locally. Next, I tried to deploy it on Vercel and where I got stuck 😅 When I go to the 
/
with my vercel domain I got:
Copy code
GET <https://eager-franklin-3vbqv90l3p.projects.oryapis.com/sessions/whoami> 401 (Unauthorized)
so, request to whoIam returns 401 and after that I was redirected to welcome page 
<https://eager-franklin-3vbqv90l3p.projects.oryapis.com/ui/welcome>
where my session is presented (because I logged in previously). For some reason, on my vercel domain, it can't find the cookie session and redirect to the welcome page (in ory console it's a default path as far as I remember). Previously I had an issue with CORS and I fixed it with this: https://www.ory.sh/docs/guides/cors#enable-cors I think, the issue is a configuration in ory console, But I couldn't figure it out 😓 If I logged out from welcome page and go again to vercel domain, I will be redirected to 
<https://eager-franklin-3vbqv90l3p.projects.oryapis.com/ui/login?flow=2175c2df-d424-4497-aba1-bbed122aa473>
after successful signing in, i saw for a moment my vercel domain home page with null sessions and was redirected again to welcome page, because whoami retured 401 any ideas? 🙂 The code is the same as in quickstart:
Copy code
useEffect(() => {
    // Check if the user is authenticated
    const checkSession = async () => {
      try {
        // Browser automatically includes cookies in the request
        const session = await ory.toSession()
        setSession(session)

        // Get the logout URL once we have a session
        try {
          const { logout_url } = await ory.createBrowserLogoutFlow()
          setLogoutUrl(logout_url)
        } catch (logoutError) {
          console.error("Error creating logout flow:", logoutError)
        }
      } catch (error) {
         console.error("Error ory.toSession()", error)
        // No valid session found, redirect to Ory login
        window.location.href = `${basePath}/ui/login`
      }
    }

    checkSession()
  }, [])
for the context:
Copy code
import { FrontendApi, Configuration, Session } from "@ory/client-fetch"

const basePath = process.env.NEXT_PUBLIC_ORY_SDK_URL || "<https://eager-franklin-3vbqv90l3p.projects.oryapis.com>"

const ory = new FrontendApi(
  new Configuration({
    basePath,
    credentials: "include",
  }),
)
looks like it's still CORS issue as I finally noticed:
Copy code
Referrer Policy
strict-origin-when-cross-origin
ah, probably unrealted
After multiple evenings, I finally fixed it. The issue with this docs is that it doesn't cover fully the config for cors. The command
Copy code
ory get identity-config ...
returns
Copy code
session:
  cookie:
    domain: <http://eager-franklin-3vbqv90l3p.projects.oryapis.com|eager-franklin-3vbqv90l3p.projects.oryapis.com>
    name: ory_session_eagerfranklin3vbqv90l3p
    path: /
    persistent: false
    same_site: Lax
where same_site=Lax causes the issue for cross domain interactions. 
same_site=None
fixes it
m
Oh great that you figured it out, I was out of office for a couple of days 😅 Thanks for the feedback, let me know if you have an idea what to fix in the docs, otherwise I will see to take a look next week.
p
facing the same problem here, I set the session to both Lax and None, nothing seems to work from vercel 😕
Copy code
// CORS
serve:
  public:
    base_url: <https://projectId.projects.oryapis.com/>
    cors:
      allowed_origins:
      - <https://projectId.projects.oryapis.com/>
      - <https://vercel-my-app.vercel.app>
      enabled: true
    request_log:
      disable_for_health: true


// Session
session:
  cookie:
    domain: agitated-nash-tvg36a035j.projects.oryapis.com
    name: ory_session_agitatednashtvg36a035j
    path: /
    persistent: true
    same_site: Lax | None //  neither works
tunneling works locally
🤔 1
2 Views
Open in Slack
PreviousNext
Powered by