T
TanStack6mo ago
harsh-harlequin

Setting cookies when you have a separate server that manages auth

I have a separate golang server and I am using tanstack-start. I have a verify otp route that sets a session cookie. I am calling this endpoint from a server function. Now in an ideal world, the cookie on my browser would automatically be set, but it does not get set. Does this have anything to do with server functions not having a stable public url? Server runs on localhost:8080, client runs on localhost:3000. 
export const serverVerifyOtp = createServerFn({ method: "POST" })
  .validator((data: unknown): typeof VerifyOtpInput.infer => {
    return VerifyOtpInput.assert(data)
  })
  .handler(async ({ data }) => {
    const res = ofetch<string>("http://localhost:8080/v1/auth/verify-otp", {
      credentials: "include",
      method: "POST",
      body: {
        email: data.email,
        token: data.token,
        otp: data.otp,
        identifier: "email_verification"
      }
    })
      .catch(error => {
        throw error.data as typeof validateOtpErr.infer
      })
    return res
  })
export const serverVerifyOtp = createServerFn({ method: "POST" })
  .validator((data: unknown): typeof VerifyOtpInput.infer => {
    return VerifyOtpInput.assert(data)
  })
  .handler(async ({ data }) => {
    const res = ofetch<string>("http://localhost:8080/v1/auth/verify-otp", {
      credentials: "include",
      method: "POST",
      body: {
        email: data.email,
        token: data.token,
        otp: data.otp,
        identifier: "email_verification"
      }
    })
      .catch(error => {
        throw error.data as typeof validateOtpErr.infer
      })
    return res
  })
This works perfectly well when I call these functions using tanstack-query, but the moment i chuck it inside createServerFn, browser does not automatically set the cookies when I get a response from my server. I am pretty certain there's something I might be missing.
5 Replies
conscious-sapphire
conscious-sapphire6mo ago
the cookie would need to be set by start again , right now start calls your golang server and swallows the cookie unless I misinterpret what I see here. what is res being returned?
harsh-harlequin
harsh-harlequinOP6mo ago
Makes sense. Here is my golang handler. So essentially, I would have to set cookies again on start when I get a response from the golang api?

message.txt

dependent-tan
dependent-tan6mo ago
Can you try using response: ‘raw’ in server fn ? https://tanstack.com/start/latest/docs/framework/react/server-functions#configuration-options
Server Functions | TanStack Start React Docs
What are Server Functions? Server functions allow you to specify logic that can be invoked almost anywhere (even the client), but run only on the server. In fact, they are not so different from an API...
conscious-sapphire
conscious-sapphire6mo ago
what is res ?
dependent-tan
dependent-tan6mo ago
Looking his snippet is using unjs/ofetch looks like ofetch automatically return the parsed json, not a Response object To pass the headers to the client I think it need to use ofetch.raw to her the headers from the go server response https://github.com/unjs/ofetch and return a new Response (with response: “raw”) from the serverFn
GitHub
GitHub - unjs/ofetch: 😱 A better fetch API. Works on node, brows...
😱 A better fetch API. Works on node, browser and workers. - unjs/ofetch
No description

Did you find this page helpful?