supertokens / supertokens-flutter

Flutter SDK for SuperTokens
https://supertokens.com

Issues when api-domain and auth-domain are on different ports #55

Open djuelg opened 5 months ago

djuelg commented 5 months ago

You provide the possibility to have different backends for the api-endpoints and auth-endpoints, by configuring sessionTokenBackendDomain. In our environment the two systems run on the same domain, but on different ports.

When you try to authenticate your Dio API requests via SuperTokensInterceptorWrapper, the method shouldRunDioInterceptor will return false when the ports differ, leaving the requests unauthenticated. The code causing this is:

    if (SuperTokensUtils.getApiDomain(options.uri.toString()) !=
        SuperTokens.config.apiDomain) {
      return false;
    }

In my example the two values would evaluate to:

Using the following config:

    SuperTokens.init(
        apiDomain: 'https://example.com:3000/',
        sessionTokenBackendDomain: '.example.com/');

This issue prevents the sessionTokenBackendDomain from being evaluated. Wouldn't it be sufficient to rely on the following check only?

    if (!Utils.shouldDoInterceptions(
        options.uri.toString(),
        SuperTokens.config.apiDomain,
        SuperTokens.config.sessionTokenBackendDomain)) {
      return false;
    }

rishabhpoddar commented 5 months ago

I see. The issue is that our implementation does not take into account different ports. You have two options:

djuelg commented 5 months ago

For the moment I just extended from SuperTokensInterceptorWrapper to override shouldRunDioInterceptor. But when I find the time, I'll look into creating a PR :)
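
The port mismatch discussed in this thread, as an added Dart example (not code from the SuperTokens SDK or from the commenters): it contrasts a strict origin comparison with a host-only match against a cookie-style session domain, and shows that the host match has to respect the dot boundary so session tokens are not attached to look-alike hosts. The helper names, port 4000 and every request URL are assumptions constructed for illustration.

```dart
// Added illustration. strictOriginMatch and hostMatchesSessionDomain are
// hypothetical helpers, not SuperTokens SDK functions.

/// Scheme + host + port of a URL, e.g. "https://example.com:3000".
String originOf(String url) => Uri.parse(url).origin;

/// Strict comparison in the spirit of the check quoted in the issue:
/// any difference in port makes the request ineligible for interception.
bool strictOriginMatch(String requestUrl, String apiDomain) =>
    originOf(requestUrl) == originOf(apiDomain);

/// Host-only match against a cookie-style domain; ports are ignored.
/// A leading dot means "this host and its subdomains".
bool hostMatchesSessionDomain(String requestUrl, String sessionDomain) {
  final host = Uri.parse(requestUrl).host.toLowerCase();
  var domain = sessionDomain.toLowerCase();
  if (domain.endsWith('/')) {
    domain = domain.substring(0, domain.length - 1); // '.example.com/' form
  }
  if (domain.startsWith('.')) {
    final bare = domain.substring(1);
    // endsWith(domain) keeps the leading dot, so "notexample.com" cannot
    // match ".example.com" by plain string suffix.
    return host == bare || host.endsWith(domain);
  }
  return host == domain;
}

void main() {
  const apiDomain = 'https://example.com:3000/'; // value from the issue
  const sessionDomain = '.example.com/'; // value from the issue
  // Constructed request URLs (assumptions, not taken from the issue).
  const requests = [
    'https://example.com:3000/auth/session/refresh', // same port as apiDomain
    'https://example.com:4000/api/items', // same host, different port
    'https://api.example.com/items', // subdomain of the session domain
    'https://notexample.com/items', // look-alike, no dot boundary
    'https://example.com.attacker.test/items', // session domain as a prefix
  ];
  for (final url in requests) {
    final strict = strictOriginMatch(url, apiDomain);
    final byHost = hostMatchesSessionDomain(url, sessionDomain);
    print('$url  strict=$strict  hostMatch=$byHost');
  }
}
```

Any relaxation of the strict check widens the set of hosts that receive session tokens, so the last two URLs are the cases to keep in a regression test.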