appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0
34.64k stars 3.74k forks

[Feature]: Bind session/server-side cookies to every request #15740

Open ChandanBalajiBP opened 2 years ago

ChandanBalajiBP commented 2 years ago

Is there an existing issue for this?

Description

The user wants to bind the server-side cookie (received as a response of the first request) to all requests thereafter.

User1 - https://discord.com/channels/725602949748752515/760761686549463060/1004475220272349214

User2

Screenshot 2022-06-01 at 1 21 43 AM

Steps To Reproduce

Reported by user, don’t have a sample API to test.

Public Sample App

No response

Version

Cloud


pranavkanade commented 2 years ago

Any timeline for this? A user reached out regarding the issue - https://discord.com/channels/725602949748752515/1004475220272349214

iamenrique commented 1 year ago

I have had the same need. Please read my question on the forum: question

I work on a Product A with its own authentication method. I’m exploring Appsmith using the self-hosted deployment method. Product A is responsible for managing Appsmith users, i.e. create an Appsmith user per Product A. Inside Product A, I display an iframe with an embedded Appsmith app. Before pulling the Appsmith app document, Product A makes sure the iframe has a valid Appsmith SESSION (if not, the user is automatically logged in using the Appsmith API behind the scenes). At this point, the iframe has both sessions (Product A and Appsmith).

Now, the Appsmith app has an Authenticated API datasource and Queries/JS configured to reach Product A’s API. I confirmed A’s API is being reached from the embedded app and public endpoints are returning the response correctly. However, the private endpoints (behind A’s authentication) return 401 because A’s Session is not present in the Cookie header. Using the browser’s dev tools, I can confirm that the iframe is sending A’s Session in the Cookie header (to Appsmith’s API: /api/v1/actions/execute) but that Cookie header is not reaching A’s API at all. My assumption is that Appsmith’s backend is not capable of passing certain HTTP headers from the app’s request onto the target/API request.

So, the question is: How can the embedded Appsmith app perform requests to an Authenticated API when I rely on my own authentication method? The data pulled by and displayed in the embedded app must depend on the parent A user.
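As the comment above describes, the iframe's cookies go to Appsmith's /api/v1/actions/execute and the call to A's API is made from the server, so A's cookie only arrives if the server copies it. The sketch below is an added example, not Appsmith code or an existing Appsmith feature: it shows server-side cookie forwarding restricted by an allowlist, so the Appsmith SESSION cookie is never sent to an upstream API. The cookie name `A_SESSION`, the host `api.product-a.example`, the rule table and both function names are assumptions.

```javascript
// Added illustration, not Appsmith code. Every name here is hypothetical.
// Upstream origin -> names of cookies that may be forwarded to it.
const FORWARD_RULES = new Map([
  ["https://api.product-a.example", new Set(["A_SESSION"])],
]);

// Constructed sample: the Cookie header the iframe sends to Appsmith.
const SAMPLE_INBOUND_COOKIE =
  "SESSION=appsmith-constructed; A_SESSION=product-a-constructed; theme=dark";

// Split a Cookie request header into [name, value] pairs.
function parseCookieHeader(header) {
  return (header || "")
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.indexOf("=") > 0)
    .map((part) => {
      const i = part.indexOf("=");
      return [part.slice(0, i).trim(), part.slice(i + 1).trim()];
    });
}

// Headers for the server-side call to the target API. Cookies are copied
// only if the target origin and the cookie name are both allowlisted, so
// the platform's own SESSION cookie is never disclosed to an upstream.
function buildUpstreamHeaders(inboundCookieHeader, upstreamUrl) {
  let origin;
  try {
    origin = new URL(upstreamUrl).origin;
  } catch (err) {
    return {}; // unparsable target: forward nothing
  }
  const allowed = FORWARD_RULES.get(origin);
  if (!allowed) return {}; // unknown origin, or http:// instead of https://
  const forwarded = parseCookieHeader(inboundCookieHeader)
    .filter(([name]) => allowed.has(name))
    .map(([name, value]) => `${name}=${value}`);
  return forwarded.length > 0 ? { Cookie: forwarded.join("; ") } : {};
}

console.log(
  buildUpstreamHeaders(SAMPLE_INBOUND_COOKIE, "https://api.product-a.example/private/orders")
);
```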

sribalajig commented 1 year ago

@PiyushPushkar02 please check this out and see what we need to do to support it.

ShivamQikpod commented 1 year ago

I created a login page (with phone number and OTP), so I want to add cookies in the page which will expire every 24 hours after login. How can I do this?

18sby commented 8 months ago

+1 on this request.

daaliachhak17 commented 4 months ago

Is anyone working on this? Can my team pick up this issue? If yes, can we have a Loom video recorded for reproducing this?

sanvolador commented 3 months ago

I have a login server authenticating using user/password. It returns a message with a cookie containing a SID token to include in subsequent requests. There should be a way to do this, or at least to manually add the cookie header with the SID stored in the browser.