idurar / idurar-erp-crm

Open Source Headless ERP CRM E-Commerce Accounting Software | Node Js React
https://cloud.idurarapp.com/

No authentication token error #735

Open truecode112 opened 8 months ago

truecode112 commented 8 months ago

Describe the bug

I forked this ERP CRM project and ran the backend on my server. I added the MongoDB Atlas URL in the backend .env file. But when I try to log in with the admin account, I am getting a "No authentication token" error. This is the screenshot: https://prnt.sc/gOXT_PY4wj5c

salahlalami commented 8 months ago

@truecode112 in the frontend folder, check the .env file, and then add:

    VITE_BACKEND_SERVER="http://your_backend_url_server.com/"
    PROD = false

salahlalami commented 8 months ago

@truecode112 join us this Wednesday: IDURAR Webinar: https://github.com/idurar/idurar-erp-crm/issues/713

truecode112 commented 8 months ago

I have already added that, so the admin user is logging in. But I checked the HTTP response of login. No authorization token is returned.

Drakkarrr commented 8 months ago

Did you try to run the setup script first?

  1. Change .env database uri to your uri
  2. Install node_module
  3. npm run setup
  4. npm run dev

truecode112 commented 8 months ago

Yes, I set it up correctly. And I just checked the backend code. It sends the JWT token in a response header cookie. But it seems that when a request is sent to the backend, the token is not being added to the request header cookie. Any idea?

salahlalami commented 8 months ago

@truecode112 maybe you are using an old version of IDURAR; please clone again and download the latest version.

truecode112 commented 8 months ago

@salahlalami I am using latest version

truecode112 commented 8 months ago

Where is the code in the frontend that sets up the cookie in the request header?

salahlalami commented 8 months ago

@truecode112 are you using npm run dev:remote to connect the frontend on localhost to the remote dev server?

In your backend server URL, be sure to use "https" instead of "http".

truecode112 commented 8 months ago

My backend is https, not http

salahlalami commented 8 months ago

The problem is CORS origin, when the backend gets a connection from a different origin; that's why I added a proxy in this file: vite.config.js

If you are running the frontend app on localhost and trying to connect to a remote backend, use: npm run dev:remote

Otherwise use: npm run dev

If you are running both frontend and backend on a server (not localhost), be sure they have the same domain name.

salahlalami commented 8 months ago

@truecode112, actually we found bugs that caused this issue; please update to the latest version, the bugs are fixed.

truecode112 commented 8 months ago

I updated to the latest version but am getting the same error. I deployed the frontend on Vercel and run the backend on my Ubuntu server using nginx.

salahlalami commented 8 months ago

@truecode112, in this case, you should have the same domain name.

truecode112 commented 8 months ago

@salahlalami you mean the frontend and backend should be in the same domain?

salahlalami commented 8 months ago

@truecode112 yes

truecode112 commented 8 months ago

@salahlalami I will try and get back to you.

piyush-akoliya commented 7 months ago

@truecode112 did it work? because I am facing the exact same issue

NicoEspositoARG commented 5 months ago

This is how I solved it while deploying frontend and backend to different DigitalOcean Apps. I had to change the token cookie settings to avoid getting a 401 error after POST to /login returns 200 OK.

/api/setting/listAll 401

{"success":false,"result":null,"message":"No authentication token, authorization denied.","jwtExpired":true}

Go to backend/src/controllers/middlewaresControllers/createAuthMiddleware/login.js, line 92, and set sameSite: 'none' and secure: false

    .cookie('token', token, {
      maxAge: req.body.remember ? 365 * 24 * 60 * 60 * 1000 : null,
      sameSite: 'none',
      httpOnly: true,
      secure: false,
      domain: req.hostname,
      path: '/',
      Partitioned: true,
    })

spideyO0 commented 3 months ago

@NicoEspositoARG I am getting the same issue trying to deploy the backend on Render and the frontend on Vercel. Is there any way to solve this issue? I tried your solution but it didn't work for me.

achrarajeev commented 3 months ago

I think the main issue is a domain mismatch at the time of cookie handling. For example, you are using xyz.com for the frontend and it's running at localhost:3000; at the same time you are using xyz.com for the backend and it's running at localhost:8888. So the code is trying to set cookies for the domain name which you have set in the hosts file, with the param domain: req.hostname.

So quick fix is

  1. You have to set the cookie according to ENV: either remove the domain variable or specify the domain name. (backend/src/controllers/middlewaresControllers/createAuthMiddleware/authUser.js)

    if (process.env.NODE_ENV === "production") {
      // production: no domain attribute, cookie marked SameSite=None and Secure
      res
        .status(200)
        .cookie('token', token, {
          maxAge: req.body.remember ? 365 * 24 * 60 * 60 * 1000 : null,
          sameSite: 'none',
          httpOnly: true,
          secure: true,
          path: '/',
          Partitioned: true,
        })
        .json({
          success: true,
          result: {
            _id: user._id,
            name: user.name,
            surname: user.surname,
            role: user.role,
            email: user.email,
            photo: user.photo,
          },
          message: 'Successfully login user',
        });
    } else {
      // development: cookie scoped to the request hostname, SameSite=Lax, no Secure
      res
        .status(200)
        .cookie('token', token, {
          maxAge: req.body.remember ? 365 * 24 * 60 * 60 * 1000 : null,
          sameSite: 'Lax',
          httpOnly: true,
          secure: false,
          domain: req.hostname,
          path: '/',
          Partitioned: true,
        })
        .json({
          success: true,
          result: {
            _id: user._id,
            name: user.name,
            surname: user.surname,
            role: user.role,
            email: user.email,
            photo: user.photo,
          },
          message: 'Successfully login user',
        });
    }

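  2. You have to set the CORS server variable according to the domain name (backend/src/app.js)

    if (process.env.NODE_ENV === 'production') {
      // production: only the named frontend origin may send credentials
      app.use(
        cors({
          origin: 'https://xyz.com',
          credentials: true,
        })
      );
    } else {
      // development: reflect whatever origin the request came from
      app.use(
        cors({
          origin: true,
          credentials: true,
        })
      );
    }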

The overall trick is all about setting the cookie domain and handling CORS. Hope it helps.
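
The cookie and CORS rules this thread keeps running into, as an added example that is not part of the original thread or of IDURAR's code: a simplified model of how a browser such as Chrome treats the `token` cookie for each combination of settings posted above. The hostnames, the function names and the two-label "site" approximation are assumptions made for illustration.

```javascript
// Added example: simplified model of browser cookie/CORS rules, not IDURAR code.
// All hostnames below are constructed placeholders.

// Approximate "site" as the last two DNS labels (browsers use the Public Suffix List).
const site = (host) => host.split('.').slice(-2).join('.');

// Domain attribute matches the host itself or any parent domain of it.
const domainMatches = (host, domain) => {
  const d = domain.replace(/^\./, '').toLowerCase();
  return host === d || host.endsWith('.' + d);
};

// Would the cookie set by the response from apiUrl be stored and then attached
// to a credentialed fetch/XHR issued by a page loaded from pageUrl?
function cookieOutcome(cookie, pageUrl, apiUrl) {
  const page = new URL(pageUrl);
  const api = new URL(apiUrl);
  const sameSite = (cookie.sameSite || 'lax').toLowerCase();
  if (cookie.secure && api.protocol !== 'https:')
    return { sent: false, reason: 'Secure cookie over plain HTTP is rejected' };
  if (sameSite === 'none' && !cookie.secure)
    return { sent: false, reason: 'SameSite=None requires Secure' };
  if (cookie.domain && !domainMatches(api.hostname, cookie.domain))
    return { sent: false, reason: 'Domain does not cover the API host' };
  if (site(page.hostname) !== site(api.hostname) && sameSite !== 'none')
    return { sent: false, reason: 'SameSite=' + sameSite + ' is withheld cross-site' };
  return { sent: true, reason: 'accepted and sent' };
}

// Can the page read a credentialed cross-origin response carrying these CORS headers?
// A wildcard origin is never accepted together with credentials.
function corsAllowsCredentials(pageOrigin, headers) {
  return headers['access-control-allow-origin'] === pageOrigin &&
    headers['access-control-allow-credentials'] === 'true';
}

const page = 'https://app.example.com';           // frontend host (constructed)
const api = 'https://api.example.net/api/login';  // backend host (constructed)
console.log(cookieOutcome({ sameSite: 'none', secure: false, domain: 'api.example.net' }, page, api));
console.log(cookieOutcome({ sameSite: 'none', secure: true }, page, api));
console.log(cookieOutcome({ sameSite: 'Lax', secure: false }, page, api));
console.log(cookieOutcome({ sameSite: 'Lax', secure: true }, 'https://xyz.com', 'https://xyz.com/api/login'));
console.log(corsAllowsCredentials(page, { 'access-control-allow-origin': '*', 'access-control-allow-credentials': 'true' }));
```

Browsers that block third-party cookies can withhold the cookie even in the accepted cross-site case, so serving frontend and backend from the same domain remains the most robust layout. With the `cors` package, `origin: true` reflects the request's Origin header, so pairing it with `credentials: true` belongs in the development branch only.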