🐛 Bug Report: Unable to create user using the server api key with users:write and users:read scope #3534

Edijae · 2022-07-10T23:32:59Z

👟 Reproduction steps

When i try to create user using my server api key with users:read and users:write scope, the request return success form the node-appwrite server library but in reality the user is never created and an exception is thrown from the docker appwrite console.

[Error] Method: POST

[Error] URL: /v1/users

[Error] Type: Utopia\Database\Exception\Authorization

[Error] Message: Missing "write" permission for role "user:62cb5ddxxx". Only this scopes "["role:all"]" are given and only this are allowed "["user:62cb5ddxxx"]".

[Error] File: /usr/src/code/vendor/utopia-php/database/src/Database/Database.php

[Error] Line: 810

👍 Expected behavior

user should be created successfully using the server api key with users:write scope

👎 Actual Behavior

No user is created

🎲 Appwrite version

Version 0.13.x

💻 Operating system

MacOS

🧱 Your Environment

No response

👀 Have you spent some time to check if this issue has been raised before?

I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

I have read the Code of Conduct

stnguyen90 · 2022-07-11T00:56:53Z

Based on the error, you may not be authenticated. Can you share your code (redacting values as needed)?

Edijae · 2022-07-11T10:26:02Z

@stnguyen90

api.ts

import {endpoint,project,key} from "../config.js";
import appwrite from 'node-appwrite';

let client:appwrite.Client;
let db:appwrite.Database;
let storage:appwrite.Storage;
let locale:appwrite.Locale;
let account:appwrite.Users;


export default {
    
    getClient : function(){
        if(client){
            return client;
        }
        client = new appwrite.Client()
        .setEndpoint(endpoint)
        .setProject(project)
        .setSelfSigned(true)
        .setKey(key);
        return client;
    },

    getAccount : function(){
        if(account){
            return account;
        }

        account = new appwrite.Users(this.getClient());
        return account;
    }

}

authentication.ts

import api from "../api.js";

var db = api.getAccount();

async function createAccount(email:string, password:string,name:string):Promise<Response>{
    let response  = new Response(true, "");

    try {
        let newAccount = await db.create<AccountDb>(uniqueKey,email,password,name);
        console.log(" account is "+JSON.stringify(newAccount));
        response.data = Account.fromDb(newAccount);
    } catch (error) {
        console.error("error creating user. "+error);
        response.success = false;
        response.message = "An error occurred creating account. Please try again"
    }
    return response;
}

Response from my node server

account is {"total":0,"users":[]}
`
Response logged by Appwrite on docker

[Error] Type: Utopia\Database\Exception\Authorization

[Error] Message: Missing "write" permission for role "user:62cbf958919xxxx". Only this scopes "["role:all"]" are given and only this are allowed "["user:62cbf958919xxxx"]".

[Error] File: /usr/src/code/vendor/utopia-php/database/src/Database/Database.php

[Error] Line: 810

stnguyen90 · 2022-07-11T13:13:09Z

Are you using https for your endpoint? If not, would you please try with https?

Edijae · 2022-07-11T14:19:04Z

@stnguyen90 The server is running on my local machine as a docker container. Thus I'm connecting to it using ngrok which generates a https endpoint that maps to the local server.

…

On Mon, Jul 11, 2022, 4:13 PM Steven ***@***.***> wrote: Are you using https for your endpoint? If not, would you please try with https? — Reply to this email directly, view it on GitHub <#3534 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADNOTIZGU73C5OY2HY4PUW3VTQMXBANCNFSM53FYHDTQ> . You are receiving this because you authored the thread.Message ID: ***@***.***>

stnguyen90 · 2022-07-11T18:52:00Z

Why do you need to use ngrok? Using ngrok might be causing some problems with headers.

Edijae · 2022-07-11T18:56:04Z

@stnguyen90 because I'm making api calls from a mobile app to the local server hosted on my machine

stnguyen90 · 2022-07-11T23:06:50Z

Can you try using the LAN IP of your host machine and HTTPS instead of ngrok?

Edijae · 2022-07-12T22:19:32Z

@stnguyen90
interestingly that seemed to work. I then tried to create an account using appwrite web package which I installed on my local express server since node-appwrite package does not create sessions and I needed the token to send back to the app.

import {Client, Account,} from 'appwrite';

let webClient: Client;
let webAccount: Account;

getWebClient : function(){
        if(webClient){
            return webClient;
        }
        webClient = new Client()
        .setEndpoint(serverEndpoint) // endpoint to my appwrite server. first it was the IP address of the appwrite docker     container but later on I changed to IP address of my digital ocean apwrite droplet IP address
        .setProject(serverProject)
        return webClient;
    },

getWebAccount : function():Account{
        if(webAccount){
            return webAccount;
        }
        webAccount = new Account(this.getWebClient());
        return webAccount;
    }

async function createAccount(email:string, password:string,name:string):Promise<Response>{

    try {
        let newAccount = await getWebAccount().create(uniqueKey,email,password,name);
        console.log(" account is "+JSON.stringify(newAccount));
    } catch (error) {
        console.error("error creating user. "+error);
    }
    return response;
}

but an error was returned

error creating user. AppwriteException: Only HTTP(S) protocols are supported

So I tried to create an appwrite droplet on digital ocean and try again using the droplet IP address. but it failed with the error

error creating user. AppwriteException: request to https://188.166.114.24/v1/account failed, reason: self signed certificate

Does this mean I cannot create a user using the web client package without my own custom domain?

stnguyen90 · 2022-07-12T22:29:08Z

I needed the token to send back to the app

What token do you need? Why do you have a node app between your front end and Appwrite?

Does this mean I cannot create a user using the web client package without my own custom domain?

The appwrite package is really meant for the front end, which is why there's no way to allow self signed certificates. If you really need to create an account session in a node app, I suggest manually making the API call so that you can grab the session cookie from the http response. Appwrite should generate an SSL certificate for your domain so you don't have to allow self signed certificates.

Edijae · 2022-07-12T22:42:34Z

@stnguyen90 the node app serves as the API server. so the app interacts directly with the api server and not appwrite since I might need to fetch data from different sources. I will try to manually make the api call.

stnguyen90 · 2022-07-13T16:52:43Z

I might need to fetch data from different sources

We typically put this logic in an Appwrite Function. Would that work for you and save from creating another server?

stnguyen90 · 2022-08-19T00:43:16Z

@Edijae, do you need any more assistance or can this issue be closed?

stnguyen90 · 2022-09-15T05:02:24Z

Closing due to inactivity

Edijae added the bug Something isn't working label Jul 10, 2022

stnguyen90 self-assigned this Jul 11, 2022

snyk-bot mentioned this issue Sep 13, 2022

[Snyk] Upgrade prismjs from 1.28.0 to 1.29.0 #3821

Closed

stnguyen90 closed this as completed Sep 15, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

🐛 Bug Report: Unable to create user using the server api key with users:write and users:read scope #3534

🐛 Bug Report: Unable to create user using the server api key with users:write and users:read scope #3534

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

🐛 Bug Report: Unable to create user using the server api key with users:write and users:read scope #3534

🐛 Bug Report: Unable to create user using the server api key with users:write and users:read scope #3534

Comments

👟 Reproduction steps

👍 Expected behavior

👎 Actual Behavior

🎲 Appwrite version

💻 Operating system

🧱 Your Environment

👀 Have you spent some time to check if this issue has been raised before?

🏢 Have you read the Code of Conduct?

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!