Capacitor Logging In but then getting unauthorised on Api's

1

Wonder if anybody could help. I have been able to log in using a android mobile app with capacitor. I can return user name etc… from the same api action.

When I try to run any other api actions I get unauthorised response. I have got my security provider set to set to secure and samesite = none.

On the mobile app I have the credentials ticked on the api actions.

Could anyone point me to what I am missing.

Thanks,

2

What authorization setup are you using? Have you checked to be sure that the API has access to the credentials or token so it can run later?

I’m kind of making guesses, I think a little more info about your setup and exact error conditions would help narrow it down.

3

Thanks. I am just using standard security provider.

Screenshot 2022-12-20 at 19.13.31
Screenshot 2022-12-20 at 19.13.31828×864 37.7 KB

Then I am using Capacitor and calling this API to login. This is successful. At the end of this API I get some user details which come through fine. When I check though no cookie is set.
Screenshot 2022-12-20 at 19.45.44
Screenshot 2022-12-20 at 19.45.441220×1084 145 KB

Screenshot 2022-12-20 at 19.36.11
Screenshot 2022-12-20 at 19.36.111298×586 42.2 KB

I then on success run a API to get some more data. I get the below response and no data through.

Screenshot 2022-12-20 at 19.39.09
Screenshot 2022-12-20 at 19.39.091222×1098 110 KB

I have ran another API that doesn’t need you to be logged in to view and this is working fine so I think it’s something to do with the cookie not being set but I am really not sure. I have tried adding this to the config but with no luck.

Screenshot 2022-12-20 at 19.42.51
Screenshot 2022-12-20 at 19.42.51586×640 23.6 KB

I am running the mobile app on Android Studio. If I switch over to Cordova everything works okay. Any help would be brilliant I’ve been going round in circles on it for a few days but it’s all over my head.

1 Like
4

Make sure you tick the ‘credentials’ checkbox on each server connect component on your page

There is a FR to make it ticked by default for mobile projects:

1 Like
5

Thanks @bpj. Just voted for this :slight_smile:

I have ticked the credentials on all the server connect components. Have you been able to get Capacitor to work in this way in any of your projects?

6

Just wondering @Teodor is this possible in Wappler at the moment using Capacitor (Cordova works okay) to set cookies without adding lots of manual code? Or is there a way around using Capacitor for API actions behind a security provider / restrict?

Thanks,

7

I have been looking further and on my site the cookie is saying samesite=strict. I have set the samesite to none (see below). I have redeployed to DigitalOcean numerous times. Is this correct or could this be the problem?

Screenshot 2022-12-23 at 20.47.31
Screenshot 2022-12-23 at 20.47.31808×166 12.5 KB
Screenshot 2022-12-23 at 20.47.17
Screenshot 2022-12-23 at 20.47.17854×930 38.7 KB

9

I don’t think the samesite setting applied properly:

2 Likes
10

Thanks. Yeah think your right. Did you find a workaround or just waiting for a update?

11

I manually adjusted the provider.js file as detailed in the post

1 Like
12

Thanks so much :slight_smile:

That solves the problem. Capacitor is now working as expected.

1 Like