v.1.0.93
PricingBlog
Sign up
Open app
All topics

Auth/me not picking up HTTP-only cookie (Xano + Nordcraft)

  • ibi_0909-1445347244243943505

    Ibi

    3 months ago

    Hey everyone 👋

    I’m using Nordcraft + Xano to build a simple login flow. On my login page, using the “Auth/login” API, everything works: the token is returned and I set it as an HTTP-only cookie.

    However on my dashboard page, when I call “Auth/me, it fails: Nordcraft doesn’t pick up the HTTP-only cookie. The login was successful, but the token isn’t read. If I paste the token manually it works. But when I rely on Authorization: Bearer {{cookies.access_token}}, nothing happens.

    I’ve tried storing the token as a cookie, as a session-cookie, even saving to localStorage — and spent hours chatting with AI chatbots — but still no luck.

    Does anyone know what I’m missing? What should I check so that Auth/me correctly reads the HTTP-only cookie or token (or header)? Any help / insights from people using Nordcraft + Xano would be highly appreciated 🙏
    1445347244818567260-Screenshot_2025-12-02_at_10.21.47.png
    1445347245414289418-Screenshot_2025-12-02_at_10.31.43.png
    1445347245846298706-Screenshot_2025-12-02_at_10.32.04.png
    1445347246211076117-Screenshot_2025-12-02_at_10.32.52.png
    1445347246513197118-Screenshot_2025-12-02_at_10.33.06.png
  • ibi_0909-1445348042097295494

    Ibi

    3 months ago

    Just to add for the record: this issue is not coming from the API itself. When I take the same token and test it directly in Xano, it returns the correct user data.

    So the API works fine. The problem seems to be on the Nordcraft side where Auth/me isn’t reading or forwarding the token from the cookie or the header.
  • erikbeus-1445362297659723777

    Erik Beuschau

    3 months ago

    Hi @Ibi
    Is the API request on your dashboard for "Auth/me" proxied? You can check in the Advanced tab. If the request is not proxied, the cookie won't be replaced properly by our proxy server, and Xano would receive an invalid header.
  • ibi_0909-1445413804048384134

    Ibi

    3 months ago

    Hi @Erik Beuschau thanks for replying. The proxy is on. And it still gives me an invalid token response.
    1445413803507322881-image.png
    1445413803855708344-image.png
  • ibi_0909-1445418393338511555

    Ibi

    3 months ago

    I think it works. It I test it live, it works now. It doesnt show me the full token in my Paragraph. It just shows {cookie: access_token}. But it pulls data from Xano. I also tried a on Succes event to return a succes value and it did. But I don't get it why the response in Nordcraft keeps giving an error. Is this something that Nordcraft cannot access or see the token? In Youtube tutorials I followed the auth/id give a response in Nordcraft
    1445418391962914856-image.png
    1445418392252059658-image.png
    1445418392591925393-image.png
    1445418392860495914-image.png
    1445418393133121609-image.png
  • erikbeus-1445680755085672589

    Erik Beuschau

    3 months ago

    It's difficult to debug from the screenshots you provided. Is the project public so I can check it in the editor? Or perhaps you could DM me some login credentials so I can check the network traffic + stored cookies when logging in.
    Also, have you installed the Nordcraft browser extension? https://chromewebstore.google.com/detail/nordcraft/hfhgjncckomifajhndceigiaiojhlllp
  • jehex-1445688928391921664

    Jehex

    3 months ago

    I have a similar issue who start to piss me off, the code return from google is invalid, my google account has been registered but when I login on it it's give a wrong code... I basically cannot login with google now, dont know if its a bug
  • 693798468296245259-@Jehex
    I have a similar issue who start to piss me off, the code return from google is invalid, my google account has been registered but when I login on it it's give a wrong code... I basically cannot login with google now, dont know if its a bug
    erikbeus-1445691987771527169

    Erik Beuschau

    3 months ago

    Do you mean you can't log into Nordcraft? Or into your own Supabase project?
  • 903997958196957254-@Erik Beuschau
    Do you mean you can't log into Nordcraft? Or into your own Supabase project?
    jehex-1445692675813539993

    Jehex

    3 months ago

    the auth token return by google ( login through my app in nc) is incorrect for all my accounts suddendly
  • Everything was ok 1 hour ago, annd now it's seems that the auth token is incorrect all the time even If I clean the cache etc..
  • 693798468296245259-@Jehex
    Everything was ok 1 hour ago, annd now it's seems that the auth token is incorrect all the time even If I clean the cache etc..
    erikbeus-1445693378217115648

    Erik Beuschau

    3 months ago

    I see. I don't believe that's a Nordcraft issue 🤔 And it doesn't look like [Supabase is having issues](https://status.supabase.com/). We're able to login using Google + Supabase in our applications atm.
    Any chance you're redirecting to a url that includes a _ after logging in? Supabase recently made a change so that redirect URLs could no longer include a _.
  • 903997958196957254-@Erik Beuschau
    I see. I don't believe that's a Nordcraft issue 🤔 And it doesn't look like [Supabase is having issues](https://status.supabase.com/). We're able to login using Google + Supabase in our applications atm.
    Any chance you're redirecting to a url that includes a _ after logging in? Supabase recently made a change so that redirect URLs could no longer include a _.
    jehex-1445694163814318161

    Jehex

    3 months ago

    Im using Xano, I didnt touch anything before this issue happen unfortunetly :/ my url not include a _
  • jehex-1445694508552552498

    Jehex

    3 months ago

    1445694507910955039-Untitlced.png
    1445694508229464084-Untitled.png
  • jehex-1445694974481010728

    Jehex

    3 months ago

    I have no clue honestly, I delete all cache, restart chrome and even restart my laptop lol and all auth google token are invalid
  • 693798468296245259-@Jehex
    I have no clue honestly, I delete all cache, restart chrome and even restart my laptop lol and all auth google token are invalid
    erikbeus-1445698721189728288

    Erik Beuschau

    3 months ago

    That sounds strange. I would recommend you check with Xano if they are aware of any issues using Google auth. You could also double check that your Google auth setup (in Google cloud console) is still valid
  • 903997958196957254-@Erik Beuschau
    That sounds strange. I would recommend you check with Xano if they are aware of any issues using Google auth. You could also double check that your Google auth setup (in Google cloud console) is still valid
    jehex-1445699999215386685

    Jehex

    3 months ago

    all good from Xano and google cloud console
  • erikbeus-1445700971811311708

    Erik Beuschau

    3 months ago

    We haven't really deployed anything that would affect this either 🤔 Would it be possible for me to try and log in using Google on your application? Just to debug the response from Google and Supabase
  • jehex-1445701609584721920

    Jehex

    3 months ago

    sure
  • do you want an invitation ?
  • erikbeus-1445701868490850405

    Erik Beuschau

    3 months ago

    Yes please: erik@nordcraft.com
  • jehex-1445702532335665152

    Jehex

    3 months ago

    thanks you, just invit you
Leave a comment
Nordcraft Co-Founders Kasper Svenning Hansen and Andreas Møller

Chat with Nordcraft

Chat with the Nordcraft team

Nordcraft Co-Founder and CEO Andreas Møller

Call our CEO

Plan a video call with Andreas

Hi Nordcraft!

Write Nordcraft

Send us an email

BlogPricingDocumentationhello@nordcraft.com
RoadmapPress KitTerms & ConditionsPrivacy PolicyAffiliate
© Nordcraft 2025. All rights reserved.