Login API not setting cookie / returning a header that Sets cookie
-
I've been testing my login API on Postman, and I do not see the JWT access token cookie being set.
Is the cookie actually not being set, or am I just unable to test it correctly on Postman?
I've set up the interceptor on Postman, yet no luck.
-
Welcome @arihantverma52 !
What version of FusionAuth are you using?
Are you using this API: https://fusionauth.io/docs/v1/tech/apis/login/#authenticate-a-user
Have you registered the user for the application?
Can you share your code? Looks like you can export postman requests as scripts: https://stackoverflow.com/questions/49432735/converting-a-postman-request-to-curl?rq=1 so that might be worth sharing so folks can help.
-
I am using version 1.32.1
Yes, I am using authenticate a user (Login) API.
Yes, the user that I am trying to log in as has been registered for the application.

```sh
curl --location --request POST 'https://fsauth-dev.goinfluencer.io/ums/api/v1/brand/signin' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "email":"arihantsinghverma@gmail.com", "password":"abcdefghij1" }'
```

```go
func (s *AuthService) SignIn(request *models.SignInRequest, userType string) (*fusionauth.LoginResponse, error) {
	// Pick the FusionAuth application that matches the user type.
	var applicationId string
	if userType == "brand" {
		applicationId = s.config.FusionAuth.BrandApplicationId
	} else if userType == "influencer" {
		applicationId = s.config.FusionAuth.InfluencerApplicationId
	}

	fusionauthrequest := fusionauth.LoginRequest{
		BaseLoginRequest: fusionauth.BaseLoginRequest{ApplicationId: applicationId},
		LoginId:          request.Email,
		Password:         request.Password,
	}

	isVerified, exists := s.IsVerified(request.Email, applicationId)
	if !exists {
		logging.Error("User does not exist")
		return nil, errors.RequestErr("User does not exist")
	} else if isVerified {
		// Call the FusionAuth Login API through the Go client.
		fusionauthresponse, fieldErr, err := s.client.Login(fusionauthrequest)
		if err != nil {
			logging.Error("Unable to connect to fusionauth", zap.Error(err))
			return nil, errors.BaseBadRequest
		}
		if fieldErr != nil {
			logging.Error("Invalid Username or Password", zap.Error(fieldErr))
			return nil, errors.RequestErr("Invalid Username or Password")
		}
		// response := &models.SignInResponse{
		// 	Email:    fusionauthresponse.User.Email,
		// 	UserName: fusionauthresponse.User.FullName,
		// }
		return fusionauthresponse, nil
	} else {
		logging.Error("Email is not verified")
		return nil, errors.RequestErr("Email is not verified")
	}
}
```
-
The response contains the Set-Cookie header only if I manually use the gin context to set the cookie,
and the APIs that need cookies in the request (like refresh_jwt) are working only if I manually read the set cookies.
This should be done automatically when I call the FusionAuth APIs, right?
-
SOLVED
The Go client doesn't return the headers from the HTTP response when it calls the FusionAuth APIs.
The workaround is to call the /api/login API yourself, extract the headers and set the "Set-Cookie" headers yourself.
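A sketch of the workaround described in the post above, added here as an example; it is not code from the thread or from the FusionAuth Go client. `relayLogin`, `stubFusionAuth`, `demo`, the API key and the cookie values are assumptions constructed for the demonstration, and the stub server stands in for a real FusionAuth instance so the block runs offline.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// relayLogin (hypothetical helper) posts credentials to FusionAuth's /api/login
// and copies every Set-Cookie header from that response onto w unchanged.
func relayLogin(w http.ResponseWriter, baseURL, apiKey, appID, loginID, password string) (int, error) {
	body, _ := json.Marshal(map[string]string{"applicationId": appID, "loginId": loginID, "password": password}) // a string map cannot fail to marshal
	req, err := http.NewRequest(http.MethodPost, baseURL+"/api/login", bytes.NewReader(body))
	if err != nil {
		return 0, err
	}
	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("Authorization", apiKey)
	resp, err := (&http.Client{Timeout: 10 * time.Second}).Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	// Relay raw header values instead of rebuilding cookies, so HttpOnly, Secure and SameSite survive.
	for _, c := range resp.Header.Values("Set-Cookie") {
		w.Header().Add("Set-Cookie", c)
	}
	return resp.StatusCode, nil
}

// stubFusionAuth is a constructed stand-in for a FusionAuth server (sample cookies only).
func stubFusionAuth() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		http.SetCookie(w, &http.Cookie{Name: "access_token", Value: "constructed-jwt", HttpOnly: true, Secure: true})
		http.SetCookie(w, &http.Cookie{Name: "refresh_token", Value: "constructed-rt", HttpOnly: true, Secure: true})
	}))
}

func demo() (int, []string, error) { // runs relayLogin against the stub; returns what the browser would get
	srv := stubFusionAuth()
	defer srv.Close()
	rec := httptest.NewRecorder()
	status, err := relayLogin(rec, srv.URL, "constructed-api-key", "app-id", "user@example.com", "pw")
	return status, rec.Header().Values("Set-Cookie"), err
}

func main() { fmt.Println(demo()) }
```

In a gin handler the same function can be called with `c.Writer`, which implements `http.ResponseWriter`; the JSON body of the login response still has to be decoded and returned separately.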