Custom domain doesn't return session data....

[wgbdev]

So, after much frustrations with the inadequate examples for moving to a custom domain and outside of the local / proxy world, I seem to have "some of it working" but there seems to be missing session data.

I'll explain:

I setup a custom domain, DNS & CNAME records for a ory.my-domain-example.app that points to my instance on Ory Cloud. I built the local GoLang app that serves from www.my-domain-example.app:3443 [ i.e. it's on 127.0.0.1 ] and I setup SSL because it is required with all new browsers that use a .app TLD.

All of this works.

When I access https://www.my-domain-example.app:3443 I get redirected to the login page on the Ory Cloud, located at ory.my-domain-example.app/ui/login?flow=0ab92142-c2e3-4a23-8a72-32a7fa9a410f with the login page. All good so far! Yeah!

Then I login, which is successful.

The Ory Cloud sends me BACK to my app after, which then goes through code looking to see if I have a cookie and then extracting the session. There is a cookie, but there is NO session details, which means the code in this test fails......

	if (err != nil && session == nil) || (err == nil && !*session.Active) {
		// this will redirect the user to the managed Ory Login UI
		http.Redirect(writer, request, "https://ory.my-domain-example.app/api/kratos/public/self-service/login/browser", http.StatusSeeOther)
		return
	}

....and it does a Redirect again, which, because the Ory Cloud knows there is a session, it takes me to the https://ory.my-domain-example.app/ui/welcome page. This seems like normal behavior, but I would never execute this additional Redirect IF I had proper session data.

Why and I not getting proper session data passed back into me after the re-direct from the Ory cloud to my app, after a successful login? I suspect it has something to do with cross domain cookies, but I don't know how / where I should change something if that is the case. The only place for setting that is in the Custom Domain configuration page.

I have my Domain set to [ ory.my-example-domain.app ] and I have my Cookie Domain set to [ my-domain-example.app ] in my Custom Domain settings. I have CORS enabled and I have Orgins set to [ https://*.my-domain-example.app ] at the bottom.

What am I missing?

[Benehiko]

Hi @wgbdev

I will take a look at this today to see if I can reproduce it. It's probably something where the Go application is not including the cookie when requesting for the session information.

Just a few questions so I can understand the context a bit better :)

1. Are you using the Go exmaple from our docs?
2. Have you verified there are no errors by logging / printing the err
3. Have you verified there is no session information by logging / printing the session object
4. Is this problem on the live instance? e.g. your domain is actually pointing to a live server running the Go app. Or is this on a local machine?
5. If this is local, are you using the ory tunnel? https://www.ory.sh/docs/getting-started/local-development

[wgbdev]

Yes, I'm using that GoLang Example.

Yes, there is an error on the call to:

  session, _, err := app.ory.V0alpha2Api.ToSession(request.Context()).Cookie(cookies).Execute()

The err is:

2022/09/21 09:30:35 err =>
{
"Op": "parse",
"URL": "https://ory.my-domain-example.app%!(EXTRA string=4000)/sessions/whoami",
"Err": "%!("
}

I did confirm that there is a ory_session and csrf_token cookie that is passed into it.

2022/09/19 14:11:40 cookie [ "csrf_token_0eed95f0ad56f6166d151d02ce2e7dc877140b1b5db3e5b4d241814b4ae64837=l923VN5qLUCHKycrxMM01npyyzHv+Lyok0dG9EaWtlM=; ory_session_charmingrhodes17qs6n5umh=MTY2MzYyMTcwOXxsZ3FTcGhFX09IU052b0dvYS1nNXQ2LTB2cHBOLXdwUnhPM3MwNVBZNmY4M1ZNVWJjazE1TEJ3WFBGSDZKek5UaENOeUY3cktNZ1FoM3N1S3gwbmtQVldiZEdlUU9LNkFtY296cG5KMG9ZR2pSUERhTVdkWEQzc1MtODFMM3lEVDM2ODJwTWRIbHBXcW9UT0RKN2pKWkRwdlg0X25fX0xOb2xKUXFjSlJQR01YLWV2UnhrakhISnRpV1RPZUtQOGVkakZIcUR3T2xUM0VIRjh0QVFMazBsdXVyZ3drSnc9PXyx470IoK6_n5d9PBHQdmr6EehnAdlvGZcuQGDZAo-qCg==; "
]

One thing I noticed, when using the Proxy, I get the two following cookies, which don't come thru when using a custom domain. I don't think it's applicable because Cloudflare is just setting the domain to the [ ory.my-domain-example.app ] and not the main domain of [ my-domain-example.app ].

__cfruid=a510ca01e8f5f5f214a0ac780d85c6b7b8bf5fab-1663621693;
__cflb=0pg1Q4nPe6RHQDxAYrRgWky7wTWAnDi1DTf4yrJo" ]

I'm not entirely sure what re-writing the Proxy is doing that using a custom domain does not. Also, the browser is going to see this as one domain when using the proxy vs. two sibling sub-domains [ ory. and www. ]

[wgbdev]

Sorry, I hit send before I finished answering your other questions....

Yes, the [ ory.my-domain-example.app ] is running on the Ory cloud.
The [ www.my-domain-example.app ] is running on my local machine, but has an address of 127.0.0.1

I am not using the tunnel.

[Benehiko]

Hi @wgbdev

It seems the Go example is setting a port for you by default. The example is meant to give you a starting project and not an out-of-the-box solution as a production ready software.
https://github.com/ory/docs/blob/master/code-examples/protect-page-login/go/main.go#L16-L19

You can tweak the code to remove the default port, however, for local testing and to understand the concepts, I would recommend you use it with the ory tunnel. It does the rewrite for the cookie domain from ory.my-domain-example.app to localhost. Also other form data it rewrites to make it compatible with your local environment. When hooking up your domain to your server running under the my-domain-example.app you do not need the tunnel. When going to production I would also recommend that the go application be run behind a reverse proxy, doing the domain and ssl handling for you so that your Go app can run under a localhost:port domain.

Please follow these instructions on local development for Ory Cloud and integrate authentication into Go.

[wgbdev]

Still working on this problem.... I "think" it has something to do with the following failing...

session, _, err := app.ory.V0alpha2Api.ToSession(request.Context()).Cookie(cookies).Execute()

I suspect, which doesn't seem to be documented anywhere that this call is looking for something other than the Cookie being passed in to validate a session. Do I need a TOKEN of some sort? If so, where and how do I set it? Where is the documentation that I missed on this?

Perhaps I'm all off base, but I will soldier on..... perhaps it's me.... perhaps it's a bug.... perhaps it's poor documentation or bad examples.... life of open source software it NOT for the faint of heart....

I'm truly open for suggestions or paying $ for someone to help me understand why the tutorials don't work....

[wgbdev]

Problem is fixed. My bug. I was improperly setting the URL for the app.ory.V0alpha2Api.ToSession() command by passing the wrong data to c.Servers = ory.ServerConfigurations{{URL: fmt.Sprintf("https://ory.my-domain-example.app" )}}