FusionAuth

    localhost development cookie issue

    • jacksontrevan

      I am developing a SPA with React. I am having an issue while developing locally, i.e. on my localhost: the app is talking to FusionAuth and a service that is performing PKCE, both of which are running remotely. I am having issues with the cookies being set. The cookies that are returned from the backend have a domain which is not localhost, so they are dropped after the authentication and redirect.

      How do I develop locally with this set-up, redirect back to localhost after authentication, and retain the cookies?

      • vinicius.campitelli @jacksontrevan

        @jacksontrevan

        Hi there!

        Can you please elaborate?

        In the Authorization Code grant flow with PKCE:

        1. Your backend generates a code challenge and a code verifier (which should be stored on your side, either in cookies or in the server session)
        2. Your application takes the user to FusionAuth's /oauth2/authorize endpoint with redirect_url, code_challenge and other parameters
        3. User logs in
        4. FusionAuth redirects the user back to the provided redirect_url (your backend) with an authorization code
        5. Your backend sends a request to FusionAuth's /oauth2/token endpoint with the received authorization code and the code verifier
        6. FusionAuth compares the code verifier and challenge and returns an access token
        7. You can now use that access token to call your API or other resources

        So which cookies are you trying to retrieve? In that flow, the backend would only need to store the code verifier in cookies during step 1.

        • jacksontrevan @vinicius.campitelli

          @vinicius-campitelli The issue is with our backend setting the final cookies, app.at, app.idt, app.at_exp, in one domain after authentication, then having the application redirect back to localhost and retain the cookies. In other words, I am trying to authenticate as a user and develop on localhost; however, after authentication the cookies are no longer accessible when I redirect back to localhost.

          • dan @jacksontrevan

            @jacksontrevan Yes, this is unfortunately a limitation of cookies.

            You could work around that by setting up a DNS alias to local.example.com (assuming FusionAuth is running remotely at auth.example.com).

            You can usually set that up by googling for "local host in /etc/hosts <platform>", which turns up:

            • https://www.hostinger.com/tutorials/how-to-edit-hosts-file-macos
            • https://www.manageengine.com/network-monitoring/how-to/how-to-add-static-entry.html

            --
            FusionAuth - Auth for devs, built by devs.
            https://fusionauth.io
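
Why the alias suggested above works, as an added example that is not part of the original thread or FusionAuth's code: a simplified model of the browser's cookie domain matching (RFC 6265) applied to localhost and to a hosts-file alias such as `127.0.0.1 local.example.com`. The backend host api.example.com, the port 3000 and the cookie attribute values are assumptions; auth.example.com and local.example.com are the placeholders from the answer.

```javascript
// Added example. Hostnames are placeholders: auth.example.com and local.example.com
// come from the thread; api.example.com (the cookie-setting backend) is assumed.

// RFC 6265 section 5.1.3 domain-match: identical, or host ends with "." + domain
// and host is a name rather than an IP address.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Simplified model of whether a stored cookie is attached to a request for pageUrl.
function cookieSentTo(cookie, pageUrl) {
  const url = new URL(pageUrl);
  const hostOk = cookie.domain
    ? domainMatches(url.hostname, cookie.domain)
    : url.hostname === cookie.setByHost; // no Domain attribute: host-only cookie
  const schemeOk = !cookie.secure || url.protocol === "https:"; // Secure needs HTTPS here
  return hostOk && schemeOk;
}

// Constructed sample cookies (attribute values are assumptions, not from the thread).
const parentScoped = { name: "app.at", domain: "example.com", setByHost: "api.example.com", secure: false };
const hostOnly = { name: "app.at", domain: null, setByHost: "api.example.com", secure: false };
const secureParent = { ...parentScoped, secure: true };

// One line per cookie/page pair, so the effect of each attribute is visible.
function report() {
  const pages = ["http://localhost:3000/", "http://127.0.0.1:3000/",
                 "http://local.example.com:3000/", "https://local.example.com:3000/"];
  const cookies = { parentScoped, hostOnly, secureParent };
  const rows = [];
  for (const [label, c] of Object.entries(cookies))
    for (const p of pages) rows.push(`${label} -> ${p}: ${cookieSentTo(c, p)}`);
  return rows;
}

console.log(report().join("\n"));
```

The alias only helps when the backend sets the cookies with Domain=example.com; a host-only cookie stays bound to the backend's own hostname, and a Secure cookie additionally needs the dev server at local.example.com to be served over HTTPS.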
