
Need help with httpOnly API Fetch

  • BabaBambule (1 month ago)

    So I am currently trying to authenticate a user based on the information stored inside my access_token httpOnly Cookie.

    My token contains a stringified JSON with token and id as values. On my homepage I have a GraphQL call on auto-fetch with server-side fetching and proxy request turned on.

    I am trying to get a user based on the id that is stored inside the httpOnly cookie. But the response always gives me this error:
    "Invalid query. The filter value for "_eq" has to be a string, number, or boolean."

    I have been on this for hours, trying different things the AI suggests, but nothing works. Do I have a fundamental misunderstanding of how httpOnly cookies work?
  • BabaBambule (1 month ago)

    According to dev tools the cookie is set.
  • Erik Beuschau (1 month ago)

    HttpOnly cookies can only be read on the server (not in JavaScript). You will probably need to add an endpoint that returns the information you need.
  • BabaBambule (1 month ago)

    Could you explain that further, please? So I can't use the formula as I do now to access the access_token cookie, right?

    But could I access the information if I just store my text value inside my httpOnly cookie and then use this as the GraphQL variable?
  • BabaBambule (1 month ago)

    Like just the id, and not stored as JSON?
  • Max (1 month ago)

    Hey! It looks like your user id is not injected into the body. HttpOnly cookies by default cannot be used in the body, but you can enable that here. I am curious, what backend are you using? Can't you decide server-side which user sent the request?
  • BabaBambule (1 month ago)

    Tried it with inject as well, and it doesn't work either.

    I am using Directus and set up an alternative user data model, so I can't access the auth flow provided by Directus.

    But I am basically at the step where I want to verify the JWT and see if the user is logged in or not, to show their home page or redirect them to the signup page.
  • BabaBambule (1 month ago)

    So the flow is currently: signup, where they enter their phone number for verification -> the user is sent an SMS with a magic link -> the user goes to the verify page, where I send the token and do a hash validation and, if that's successful, set the httpOnly cookie and then redirect them to the home page / dashboard.

    Here I need to check if the JWT is valid, but I can't do that if I can't even access the content of the access_token cookie.
  • Max (1 month ago)

    Are you sure this is a good idea? It seems like you are circumventing Directus' access control system 🧐
    If you think it is a good idea, I'd store the value in a variable for testing purposes. If the workflow works with the tokens stored in a variable, we know that the backend part works. If it does, it makes sense to dig deeper.
  • BabaBambule (1 month ago)

    Well, after your comment I came up with a solution. I wrote two Directus extensions: one for custom endpoints and the other as a workaround for the e-mail / password login. But I'm using an external identifier similar to Keycloak within my own system now, so every user has a matching system user. That way I use the official access and refresh token system 👍