I am using a JWT token inside a cookie so that I can have a short-lived cookie and then a refresh token that is used after, say, 5 minutes. I expect both cookies to be saved as browser cookies on completion of signup.

Looking at the response headers from the Axios call to nestjs I can see the cookies but not in the client-side page (pages directory) or the browser.

Client-side call from pages/auth.signin.js

const response = await axios.patch('/api/v1/auth/signin', formData);
console.log('from api/api/v1/auth/signin');
console.log('response headers');
console.log(response.headers);

This returns (no cookies):

{connection: "keep-alive", content-length: "4", date: "Sat, 24 Jul 2021 08:23:21 GMT", etag: ""4-j9t+L6hPT68Nm5L0Zt9CTsR6Fls"", keep-alive: "timeout=5"}

In the API route (page pages/api/v1/auth/signin.js) I call nestjs with

const url = process.env.SH_API_BASEURL + '/auth/signin';
const resp = await axios.post(
  url,
  { loginName: name, password },
  { withCredentials: true }
);
console.log('api route headers');
console.log(resp.headers['set-cookie']);

The headers property has the cookies as expected

api route headers [ 'Authentication=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMzU0NTdhYi1iODBlLTQ1NjgtYWNkYi1jYjg2ZmEyZTRkMTMiLCJpYXQiOjE2MjcxMTUwMDEsImV4cCI6MTYyODAxNTAwMX0.dTOPKIYvOaiaJnOlEG1mzpQdcx9bLBhAycCSuGWhCvw; HttpOnly; Path=/; Max-Age=360000', 'Refresh=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMzU0NTdhYi1iODBlLTQ1NjgtYWNkYi1jYjg2ZmEyZTRkMTMiLCJpYXQiOjE2MjcxMTUwMDEsImV4cCI6MTcxMzUxNTAwMX0.xIQGuvJxqgMltolZdbqGqT3W9jEazhsr8wVsSFf5ltQ; HttpOnly; Path=/; Max-Age=86400000' ]

I have attempted to extract the cookies using

const cookies = new Cookies(req, resp);
const authCookie = cookies.get('Authentication');
console.log(`Auth cookie ${authCookie}`);

But the get method returns blank, so I am not able to manually add the cookies to the nextjs response.

UPDATE: nestjs Sending token back

const accessTokenCookie = this.authService.getCookieWithJwtAccessToken(
  userLogin.id,
);
const { cookie: refreshTokenCookie, token: refreshToken } =
  this.authService.getCookieWithJwtRefreshToken(userLogin.id);

await this.authService.setCurrentRefreshToken(refreshToken, userLogin.id);
request.res.setHeader('Set-Cookie', [
  accessTokenCookie,
  refreshTokenCookie,
]);

getCookieWithJwtAccessToken

const token = this.jwtService.sign(payload, {
  secret: this.configService.get('JWT_ACCESS_TOKEN_SECRET'),
  expiresIn: `${this.configService.get(
    'JWT_ACCESS_TOKEN_EXPIRATION_TIME',
  )}s`,
});
return `Authentication=${token}; HttpOnly; Path=/; Max-Age=${this.configService.get(
  'JWT_EXPIRATION_TIME',
)}`;

0 Answers
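Browser JavaScript never sees `Set-Cookie` (it is a forbidden response header, and `HttpOnly` cookies are hidden from script), so the cookies reach the browser only if the API route copies the upstream header onto its own response. One way to do that with an allow-list, as an added example that is not part of the original post; `relayAuthCookies`, `parseSetCookie`, `ALLOWED_COOKIES`, `makeFakeRes` and the sample values are hypothetical and constructed for illustration:

```javascript
// Added example: relay upstream Set-Cookie headers from a Next.js API route.
// All names below are hypothetical; only 'Authentication' and 'Refresh'
// come from the question.
const ALLOWED_COOKIES = new Set(['Authentication', 'Refresh']);

// Parse one Set-Cookie value into { name, attrs } without touching the token.
function parseSetCookie(line) {
  const [pair, ...rest] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = new Set(rest.map((a) => a.split('=')[0].toLowerCase()));
  return { name: eq > 0 ? pair.slice(0, eq) : '', attrs };
}

// Copy only expected, HttpOnly cookies from the upstream (axios) response
// headers onto the outgoing response. Returns the names that were relayed.
function relayAuthCookies(upstreamHeaders, res) {
  const raw = upstreamHeaders['set-cookie'] || [];
  const lines = Array.isArray(raw) ? raw : [raw];
  const relayed = [];
  const out = [];
  for (const line of lines) {
    const { name, attrs } = parseSetCookie(line);
    if (!ALLOWED_COOKIES.has(name)) continue; // drop unexpected cookies
    if (!attrs.has('httponly')) continue;     // never relay script-readable tokens
    out.push(line);                           // forward the value byte-for-byte
    relayed.push(name);
  }
  if (out.length > 0) res.setHeader('Set-Cookie', out);
  return relayed;
}

// Constructed sample: headers shaped like resp.headers in the API route, with
// placeholder token values, and a minimal stand-in for the Next.js `res`.
const sampleUpstreamHeaders = {
  'set-cookie': [
    'Authentication=PLACEHOLDER.ACCESS.TOKEN; HttpOnly; Path=/; Max-Age=360000',
    'Refresh=PLACEHOLDER.REFRESH.TOKEN; HttpOnly; Path=/; Max-Age=86400000',
    'Tracking=abc; Path=/',
  ],
};
function makeFakeRes() {
  const headers = {};
  return { headers, setHeader: (k, v) => { headers[k.toLowerCase()] = v; } };
}

const demoRes = makeFakeRes();
console.log(relayAuthCookies(sampleUpstreamHeaders, demoRes), demoRes.headers);
```

In the API route this would be called as `relayAuthCookies(resp.headers, res)` with the handler's own `res` before sending the body; when the site is served over HTTPS, the cookies issued upstream should also carry `Secure` and a `SameSite` value.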