# ory-network
p
Hi Guys, I am integrating with Ory cloud now and trying to validate a user session. I am using Next.js 12 with _middleware functionality to try to authenticate routes. The issue I have is with the `/sessions/whoami` route. The client request forwards 2 cookies in the request, which are:
• csrf_token_xxxxxxx
• ory_session_xxxxxx
When I send a request with these cookies to the whoami API route, the request returns an unauthorized error.
h
Is this middleware executed on the backend (serverless/next edge) or on the client (browser)?
p
It's on the backend in a Next edge environment. (I am using fetch for the request as it is supported in the runtime)
h
Got it, do the cookies arrive in your middleware? You can check that quickly by adding some console.log statements for the HTTP request header, e.g. something like
```js
console.log('got headers:', req.headers)
```
p
yes the cookies do
```
{
  csrf_token_1f220dfd3a110f2ff4cf98b9463fac75b8bb48b2dd16dae2893d56f4a44exxxxxxxxxxx',
  ory_session_beautifulchebyshevlr0kekd1p3: 'MTY1Mjg3MTI2OXxUcEhCTk1jQWhwZDJHd2xoalpUSGwxa1dIUHJXTkpjOFhoZmtNSWU3ek9mZEt2YVNMUkd6eEpSWkxqdzZENxxxxxxxxxxxxxxxx'
}
```
h
ok cool, can you show me quickly the `.toSession()` call you’re making?
and also tell me what version of “@ory/client” you use (please check in the package-lock.json)
p
toSession does not work as it used axios, and axios is not supported on the edge runtime
so I have to use the native api
h
Oh really? That’s strange! We use Axios in our nextjs integration package which runs on the edge runtime and it works.
p
"0.0.1-alpha.169
strange it was giving me an error about the axios module, maybe it's the version
h
maybe I’m also mistaken, give me a sec
my bad we don’t use axios!
Ok cool, can you then show me the `whoami` HTTP call you’re making?
p
```ts
const test = await fetch(`${process.env.ORY_SDK_URL!}/sessions/whoami`, {
  headers: {
    "X-Session-Token": cookie,
  }
})
```
h
Ok, found the error 🙂
p
I have tried with the Cookie header as well
h
What’s the content of `cookie`?
p
MTY1Mjg3MTI2OXxUcEhCTk1jQWhwZDJHd2xoalpUSGwxa1dIUHJXTkpjOFhoZmtNSWU3ek9mZEt2YVNMUkd6eEpSWkxqdzZENlNDWjA2OGZxTVF6Q3lBUy1hUWNHRTFsdFVfak1YaHM3WW5sSFM1UTBrYWhHQ3F6Yk94Zi1aWV9hdmY2OGxaeWpKOXFpVDJub0E4R0E9PXxwvERBQJ24yGWLLbjz0XwUf6YnQAW0OqqRV1kaUhiBQw==
h
it should be along the lines of:
```ts
const test = await fetch(`${process.env.ORY_SDK_URL!}/sessions/whoami`, {
  headers: {
    "Cookie": "ory_session_xxx=....; ory_csrf_xxx=....",
  }
})
```
p
ahhhh let me try that
h
@damp-sunset-69236 we should add a helper function for this here: https://github.com/ory/integrations/tree/main/src/next-edge and add it to our nextJS example. Could you keep track of that please? 🙂
p
you are a legend
it worked
thanks for the help!
d
I created the issue.
h
Thank you Andrew!
Glad it worked @plain-wire-55288!
@wonderful-lamp-2357 Please check the above, I think that we need documentation which explains this so that developers have help resources available when these problems arise. In this case, it’s something fundamental: the backend needs to forward the HTTP headers from the client to ory in order for the login check to work. I think if we explain this and like I did have a small code example so people know what it should look like, we’d be covered. We do this already for nodejs by the way ( https://www.ory.sh/docs/guides/protect-page-login/expressjs#require-login-to-access-the-home-page ) but we don’t really explain what happens there, and people probably also don’t look here when, for example, the SDK doesn’t work. Any ideas how we can package these things nicely? They often prevent people from going the next step and can be a huge time sink
b
I had the same problem with axios
I tried an axios adapter but it was too complicated.
h
b
Yes, exactly