Validating Token from a seperate backend service

[rozzrr]

Hi,

setup is a nextjs frontend configured with authkit - setup with cookie password and the instructions detailed in the user guide. this works fine and i can authenticate, sign in etc.

we have a seperate backend in which we have installed the workos lib and trying to authenticate the request from the front end using something like :

cookie_pw = settings.workos_cookie_password if not cookie_pw: logger.error("WorkOS cookie password is not set in settings.") raise HTTPException(status_code=503, detail="Something went wrong")

sealed_session = request.cookies.get("wos-session")
if not sealed_session:
    logger.error("No session cookie found.")
    raise HTTPException(status_code=401, detail="Unauthorized: No session cookie found.")

session = await work_os_client.user_management.load_sealed_session(
    sealed_session=sealed_session,
    cookie_password=cookie_pw,
)


auth_response = session.authenticate()
if not auth_response.authenticated:
    logger.error("Invalid session cookie. Authentication failed.")
    raise HTTPException(status_code=401, detail="Unauthorized: Invalid session.")

this is just an example ....

however upon inspection i constantly get a invalid padding exception raised : binascii.Error: Incorrect padding, aswell as a raise InvalidToken cryptography.fernet.InvalidToken - which then causes the authentication to be "false".

both environments have the same cookie password set, using the same client id and same api key, so i am unsure on how to solve this issue as it seems to be coming from the fernet class.

Thanks in advance!