Error: Failed to extract session ID for logout URL: invalid_session_cookie #1174

Open
austinm911 opened this issue Nov 20, 2024 · 1 comment

@austinm911

On "@workos-inc/node": "^7.33.0"

I'm having issues accessing the logout URL.

```ts
// Hono cloudflare route
.get('/logout', async (c) => {
	const cookieHeader = c.req.header('cookie')
	const { sessionCookie } = getWosSessionCookie(cookieHeader)

	const workos = new WorkOS(c.env.WORKOS_API_KEY, {
		clientId: c.env.WORKOS_CLIENT_ID,
	})

	const { result: session, error } = await mightFail(
		workos.userManagement.loadSealedSession({
			sessionData: sessionCookie,
			cookiePassword: c.env.WORKOS_COOKIE_PASSWORD,
		}),
	)

	// I can see the session here
	console.log('🚀 ~ file: auth.ts:141 ~ .get ~ session:', session)

	if (error) {
		return c.json({ error: 'Failed to load sealed session' }, 400)
	}

	const { result: logoutUrl, error: logoutError } = await mightFail(session.getLogoutUrl())

	if (logoutError) {
		// errors here
		console.error('🚀 ~ file: auth.ts:153 ~ .get ~ logoutError:', logoutError)
		return c.json({ error: 'Failed to get logout URL' }, 400)
	}

	console.log('🚀 ~ file: auth.ts:155 ~ .get ~ logoutUrl:', logoutUrl)

	// deleteCookie(c, 'wos-session')

	return c.json({
		logoutUrl,
		message: 'Logout initiated',
	})
})
```

Session logs out okay with the session data (containing the sealed token)

```
🚀 ~ file: auth.ts:150 ~ .get ~ session: Session {
  userManagement: <ref *1> UserManagement {
    workos: WorkOSWorker {
      key: 'sk_test_aBHMmo',
      ...
    }
}
```

Error

```
[ERROR] 🚀 ~ file: auth.ts:153 ~ .get ~ logoutError: Error: Failed to extract session ID for logout URL: invalid_session_cookie

    at Session.<anonymous> (file:///Users/am/Coding/app/node_modules/@workos-inc/node/lib/user-management/session.js:149:23)
    at Generator.next (<anonymous>)
    at fulfilled (file:///Users/am/Coding/app/node_modules/@workos-inc/node/lib/user-management/session.js:5:58)
```

@PaulAsjes
Contributor

This would suggest that there's an issue with the session cookie you're passing in. `loadSealedSession` doesn't do any validation of the session, instead acting as a constructor. The validity of the session is only checked if you call `session.authenticate()` or `session.getLogoutUrl()` (which internally also calls `session.authenticate()`).

You'd get that error if either the session can't be decrypted (possibly due to providing the wrong password) or if the resulting unencrypted data lacks an access token.
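
An added example (not code from this issue or from the WorkOS SDK) of the check order the reply above implies: call `authenticate()` first and branch on its result, so a cookie that cannot be decrypted or lacks an access token is handled explicitly instead of surfacing as a throw from `getLogoutUrl()`. `planLogout`, the stub sessions and the `authenticate_threw` label are hypothetical; the `{ authenticated, reason }` result shape is assumed from `@workos-inc/node` 7.x.

```javascript
// Added example. `session` is the object loadSealedSession() returned.
// Assumption: authenticate() resolves to { authenticated: true, sessionId, ... }
// or { authenticated: false, reason }, as in @workos-inc/node 7.x.
async function planLogout(session) {
  let auth;
  try {
    auth = await session.authenticate();
  } catch {
    // 'authenticate_threw' is a label made up for this example.
    auth = { authenticated: false, reason: 'authenticate_threw' };
  }

  if (!auth.authenticated) {
    // Cookie could not be decrypted or carried no access token: there is no
    // session ID to build a logout URL from. Still drop the local cookie, and
    // report only the reason string. Logging the Session object itself dumps
    // the WorkOS client, API key included (see the log output in the issue).
    return { clearCookie: true, logoutUrl: null, reason: auth.reason };
  }

  return { clearCookie: true, logoutUrl: await session.getLogoutUrl(), reason: null };
}

// Constructed stand-ins for a Session so the example runs offline.
const validSession = {
  authenticate: async () => ({ authenticated: true, sessionId: 'session_EXAMPLE' }),
  getLogoutUrl: async () => 'https://auth.example.test/logout?session_id=session_EXAMPLE',
};
const undecryptableSession = {
  authenticate: async () => ({ authenticated: false, reason: 'invalid_session_cookie' }),
  getLogoutUrl: async () => {
    throw new Error('Failed to extract session ID for logout URL: invalid_session_cookie');
  },
};

async function demo() {
  return [await planLogout(validSession), await planLogout(undecryptableSession)];
}
demo().then((plans) => console.log(plans));
```

In a route handler, `clearCookie` would map to deleting the `wos-session` cookie and `reason` to the value written to the server log.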
