00:17
_whitelogger has joined #amber
01:53
_whitelogger has joined #amber
02:29
_whitelogger has joined #amber
04:50
<FromGitter> <valamorgon> I have two pipelines: one is the default "web" and the other is "api"
04:50
<FromGitter> <valamorgon> I configured it like this:
04:51
<FromGitter> <valamorgon> for my sessions I can read from both sides but for my I can only set them from web
04:51
<FromGitter> <valamorgon> when I set my session through api (my api shares the cookie with web) I can only read, but I can't set
04:52
<FromGitter> <valamorgon> how should I debug this issue?
04:53
<FromGitter> <elorest> Sessions are set from the controllers, and then sent to the browser/api with the header `Set-Cookie`. You'll then need to send it back on every request/post with `Cookie`.
04:58
<FromGitter> <valamorgon> @elorest I already return cookies in every request, but in the same request I can read the existing session but can't set a new one.
04:59
<FromGitter> <valamorgon> for example
04:59
<FromGitter> <valamorgon> for this method session web returns a value, but when I set api to true, I can't see it again in the next request
05:00
<FromGitter> <elorest> what is your client?
05:00
<FromGitter> <valamorgon> normally android device and browser
05:01
<FromGitter> <valamorgon> but now in order to debug I use curl
05:01
<FromGitter> <valamorgon> for api
05:01
<FromGitter> <valamorgon> curl mywebsite/testapi2 -H "Cookie: mycookie; amber.session=mysession" -H "Origin: mywebsite"
05:01
<FromGitter> <valamorgon> I do it like this
05:04
<FromGitter> <elorest> What does the return header look like for `Set-Cookie`? Does it change at all between requests?
05:05
<FromGitter> <valamorgon> I follow from amber cli logs, in each request it is always the same value for cookie
05:05
<FromGitter> <valamorgon> even for web also for api
05:05
<FromGitter> <elorest> Hmmm. If you're changing it then it shouldn't be the same. I'm spinning up a test env really fast.
05:06
<FromGitter> <valamorgon> thanks a lot for helping
05:06
<FromGitter> <elorest> Definitely
05:35
<FromGitter> <elorest> @valamorgon are you still there?
05:41
<FromGitter> <elorest> Also tried postman and it works.
08:12
<FromGitter> <valamorgon> I had to leave for work, I'll try again when I return home. Thanks a lot for your help. I'll write the results.
14:15
<FromGitter> <alex-lairan> Hi, I am creating a JWT auth with
14:29
<FromGitter> <Blacksmoke16> normally it's a single secret key, can store in ENV or something to keep it safe, or like secret.yml if that's a thing
14:30
<FromGitter> <Blacksmoke16> you'd normally encode like the userId plus the standard JWT fields like `iss`, `aud`
14:31
<FromGitter> <Blacksmoke16> but can also include whatever you want, like array of scopes/roles of that user etc
14:31
<FromGitter> <Blacksmoke16> is pretty flexible
14:32
<FromGitter> <Blacksmoke16> @alex-lairan
15:24
<FromGitter> <alex-lairan> Ok, so it's normal to store `{ user_id: ID }` as an encode?
15:25
<FromGitter> <alex-lairan> The thing that the secret key is always the same simplifies my life 😂
15:38
<FromGitter> <Blacksmoke16> granted there are various ways to handle it
15:38
<FromGitter> <Blacksmoke16> sec
15:39
<FromGitter> <Blacksmoke16> yea, depending on what your client is, can include anything in the body of it
15:40
<FromGitter> <Blacksmoke16> common to just have user_id and have like `aud` set to their name. then use the JWT as the token for front end session
15:40
<FromGitter> <Blacksmoke16> so user_id can be used to look them up on api requests, and have name already there for simple UI stuff
19:34
feepbot has quit [Remote host closed the connection]
19:37
feepbot has joined #amber