saleor-dashboard
JWT_MISSING_TOKEN Error on Dashboard when calling refreshToken
What I'm trying to achieve
Normal use of the dashboard. (3.2)
Steps to reproduce the problem
- Login to dashboard, navigate around for a minute or two.
- You'll notice you are logged out and directed to the login screen.
What I expected to happen
Normal use of the dashboard should not result in logout after only a couple mins.
Http request and response from inspector
{
"data": {
"tokenRefresh": {
"token": null,
"errors": [
{
"code": "JWT_MISSING_TOKEN",
"field": "refreshToken",
"message": "Missing refreshToken",
"__typename": "AccountError"
}
],
"__typename": "RefreshToken"
}
},
"extensions": {
"cost": {
"requestedQueryCost": 0,
"maximumAvailable": 50000
}
}
}
Console output
// insert console output here
System information
Saleor version:
- [ ] dev (current main)
- [x] 3.2
- [ ] 3.0
- [ ] 2.11
- [ ] 2.10
Operating system:
- [ ] Windows
- [ ] Linux
- [x] MacOS
- [ ] Other
Browser:
- [ ] Safari
- [x] Chrome
- [ ] Edge
- [ ] Other
I am seeing the same issue as well.
Same error. Any clues to debug ?
{ "data": { "tokenRefresh": { "token": null, "user": null, "errors": [ { "code": "JWT_MISSING_TOKEN", "field": "refreshToken", "message": "Missing refreshToken", "__typename": "AccountError" } ], "__typename": "RefreshToken" } }, "extensions": { "cost": { "requestedQueryCost": 0, "maximumAvailable": 50000 } } }
Hi guys! I've just passed it on to the team. We'll keep you posted.
Hey, you'll usually see this error if your browser has disabled third-party cookies and you're running dashboard on a different domain than saleor. There are 2 ways to fix this:
- Run dashboard and saleor on the same domain
- Enable third-party cookies in your browser settings
@karolkielecki @jwm0 Thank you for your time taking a look and getting back on this.
- I am running Saleor on the same docker network on my AWS EC2 (same domain). For my knowledge gathering, can you please point me to any resource or theory that relates to this behaviour?
- On my Chrome & Firefox, I do have 3rd-party cookies enabled and have explicitly allowed cookies, including 3rd-party cookies, for my site. I still see the error.
@reachkrishnaraj there's also a possibility you're not using HTTPS in which case the cookie will not be set (as there's a Secure flag present: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies)
Best way to debug it would be as follows:
- Open a brand new session (not previously logged in)
- Open up browser dev tools and select network tab
- Log in with correct credentials, you should see a tokenCreate mutation request
- Inspect its headers (and "Cookies" tab if you're on Chrome) and see if there are any warnings/errors related to that. If everything goes well there should be a set-cookie header present with refreshToken
I did globally allow all cookies from all sites on Chrome, started a new Chrome window and I still see this issue.
@jwm0 value of my Set-Cookie header:
Both our API and dashboard deployments are on the herokuapp.com domains.
@shauntrennery herokuapp.com is listed under Public Suffixes List which means it's treated as cross-domain due to security concerns. You can get around this by setting SameSite=None or using a custom domain.
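The checks discussed in the replies above (Secure flag over HTTP, SameSite, and Public Suffix List hosts counting as separate sites), sketched as an added example that is not part of the thread or of Saleor's code. The `diagnose` helper, the two-entry suffix set, the cookie header and the example hostnames are all constructed assumptions, and the same-site comparison ignores scheme.

```javascript
// Constructed subset of the Public Suffix List; a real check needs the full list.
const PUBLIC_SUFFIXES = new Set(["com", "herokuapp.com"]);

// Registrable domain (eTLD+1): longest matching public suffix plus one more label.
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return host; // no known suffix (e.g. a bare hostname)
}

// Pull out only the attributes this thread is about: Secure and SameSite.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.split("=")[0], secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Hypothetical helper: list reasons the browser would drop or withhold the cookie.
function diagnose(setCookie, dashboardUrl, apiUrl) {
  const cookie = parseSetCookie(setCookie);
  const dash = new URL(dashboardUrl).hostname;
  const api = new URL(apiUrl);
  const crossSite = registrableDomain(dash) !== registrableDomain(api.hostname);
  const problems = [];
  // A Secure cookie delivered over plain HTTP is never stored.
  if (cookie.secure && api.protocol !== "https:") problems.push("secure-cookie-over-http");
  // Chrome treats an absent SameSite as Lax; only SameSite=None is sent cross-site.
  if (crossSite && cookie.sameSite !== "none") problems.push("samesite-blocks-cross-site");
  // SameSite=None is rejected unless the cookie is also Secure.
  if (cookie.sameSite === "none" && !cookie.secure) problems.push("samesite-none-requires-secure");
  return { cookie: cookie.name, crossSite, problems };
}

// Constructed header and hostnames, not taken from the thread.
const SAMPLE = "refreshToken=constructed-value; HttpOnly; Path=/; Secure; SameSite=Lax";
console.log(diagnose(SAMPLE, "https://example-dash.herokuapp.com", "https://example-api.herokuapp.com/graphql/"));
console.log(diagnose(SAMPLE, "https://store.admin.myrootdomain.com", "https://store.api.myrootdomain.com/graphql/"));
```

An empty `problems` list for a cross-site pair still depends on the browser allowing third-party cookies, as the first reply in the thread notes.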
@jwm0 Thank you. Where do I make the SameSite change?
I think the solution would be to set SESSION_COOKIE_DOMAIN to the main root domain. example: myrootdomain.com and have dashboard @ store.admin.myrootdomain.com & core @ store.api.myrootdomain.com ?
I take my prev comment back, so I think we need to set the top-level domain here https://github.com/saleor/saleor/blob/main/saleor/core/middleware.py#L124
@jwm0 correct? Inputs are greatly appreciated, please offer some more insight on what else needs to be changed. Thank you
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.