Version

v4.5.1

Reproduction link

http://localhost/

Steps to reproduce

see code

What is expected ?

User should be populated with the db entity.

What is actually happening?

User is being set to {}

Additional comments?

nuxt.config.js

auth: {
    strategies: {
      local: {
        endpoints: {
          login: { url: '/server/api/auth/login', method: 'post', propertyName: 'access_token' },
          logout: { url: '/server/api/auth/logout', method: 'post' },
          user: { url: '/server/api/auth/user', method: 'get', propertyName: false }
        },
        tokenRequired: true,
        tokenType: 'Bearer'
      }
    },
    redirect: {
      login: '/',
      logout: '/'
    }
  },

api

app.post('/auth/login', async (req, res, next) => {
    const { login, password } = req.body;
    console.log({ login, password });
    await db.User.findByLogin(login, password)
        .then(user => {
            if (!user) {
                console.log(`${login} entered wrong credentials on login. ${user}`);
            } else {
                console.log(`User ${login} logged in successfully. ${user}`);
            }
            return res.send(user);
        })
        .catch(err => {
            console.log(`[ERROR; SQL]: Authentication: ${err}`)
            return res.send(err)
        });
})

app.post('/auth/register', (req, res, next) => {
    const { username, email, password } = req.body;
    console.log({ username, email, password });
    db.User.create({
            username: username,
            email: email,
            password: password
        })
        .then(user => {
            console.log('New user created successfully')
            res.send(user);
        })
        .catch(err => {
            console.log(`[ERROR; SQL]: Registration: ${err}`)
            return res.status(400).send(err)
        })
})

store/index.js

export default {
    state: () => ({

    })
}

export const getters = {
    isAuthenticated(state) {
        return state.auth.loggedIn
    },

    loggedInUser(state) {
        return state.auth.user
    }
}

register forum

methods: {
    async registerForm() {
      try {
        console.log({ username: this.username, email: this.email, password: this.password });
        await this.$axios.$post(`server/api/auth/register`, {
            username: this.username,
            email: this.email,
            password: this.password
          }).then(async response => {
            await this.$auth.loginWith('local', {
              data: {
                login: this.username,
                password: this.password
              }
            });
            console.log('Registered!');
            console.log(this.$auth.token)
            console.log(this.$auth.loggedIn)
            this.$router.push('/')
          }).catch(err => {
            console.log('Registration failed: ' + err.response.data.error.message)
            this.$toast.warning('Registration failed, please try again', {icon: "error"});
          })
      } catch (e) {
        console.log('Error registering');
        this.$toast.error('Registration error, please try again', {icon: "error"});
      }
    }
  }

After registering, these values get set:

this.$auth.token = undefined
this.$auth.user = {}
$auth.state.loggedIn = true
$auth.loggedIn = true.

Any ideas why this is happening?

nuxt.config.js

auth: {
    strategies: {
      local: {
        endpoints: {
          login: { url: '/server/api/auth/login', method: 'post', propertyName: 'access_token' },
          logout: { url: '/server/api/auth/logout', method: 'post' },
          user: { url: '/server/api/auth/user', method: 'get', propertyName: false }
        },
        tokenRequired: true,
        tokenType: 'Bearer'
      }
    },
    redirect: {
      login: '/',
      logout: '/'
    }
  },```

api

js
app.post('/auth/login', async (req, res, next) => {
const { login, password } = req.body;
console.log({ login, password });
await db.User.findByLogin(login, password)
.then(user => {
if (!user) {
console.log(${login} entered wrong credentials on login. ${user});
} else {
console.log(User ${login} logged in successfully. ${user});
}
return res.send(user);
})
.catch(err => {
console.log([ERROR; SQL]: Authentication: ${err})
return res.send(err)
});
})

app.post('/auth/register', (req, res, next) => {
const { username, email, password } = req.body;
console.log({ username, email, password });
db.User.create({
username: username,
email: email,
password: password
})
.then(user => {
console.log('New user created successfully')
res.send(user);
})
.catch(err => {
console.log([ERROR; SQL]: Registration: ${err})
return res.status(400).send(err)
})
})```

store/index.js

export default {
    state: () => ({

    })
}

export const getters = {
    isAuthenticated(state) {
        return state.auth.loggedIn
    },

    loggedInUser(state) {
        return state.auth.user
    }
}

register forum
js methods: { async registerForm() { try { console.log({ username: this.username, email: this.email, password: this.password }); await this.$axios.$post(`server/api/auth/register`, { username: this.username, email: this.email, password: this.password }).then(async response => { await this.$auth.loginWith('local', { data: { login: this.username, password: this.password } }); console.log('Registered!'); console.log(this.$auth.token) console.log(this.$auth.loggedIn) this.$router.push('/') }).catch(err => { console.log('Registration failed: ' + err.response.data.error.message) this.$toast.warning('Registration failed, please try again', {icon: "error"}); }) } catch (e) { console.log('Error registering'); this.$toast.error('Registration error, please try again', {icon: "error"}); } } }

After registering, these values get set:

this.$auth.token = undefined
this.$auth.user = {}
$auth.state.loggedIn = true
$auth.loggedIn = true.

Any ideas why this is happening?

nuxt.config.js

auth: {
    strategies: {
      local: {
        endpoints: {
          login: { url: '/server/api/auth/login', method: 'post', propertyName: 'access_token' },
          logout: { url: '/server/api/auth/logout', method: 'post' },
          user: { url: '/server/api/auth/user', method: 'get', propertyName: false }
        },
        tokenRequired: true,
        tokenType: 'Bearer'
      }
    },
    redirect: {
      login: '/',
      logout: '/'
    }
  },```

api

js
app.post('/auth/login', async (req, res, next) => {
const { login, password } = req.body;
console.log({ login, password });
await db.User.findByLogin(login, password)
.then(user => {
if (!user) {
console.log(${login} entered wrong credentials on login. ${user});
} else {
console.log(User ${login} logged in successfully. ${user});
}
return res.send(user);
})
.catch(err => {
console.log([ERROR; SQL]: Authentication: ${err})
return res.send(err)
});
})

app.post('/auth/register', (req, res, next) => {
const { username, email, password } = req.body;
console.log({ username, email, password });
db.User.create({
username: username,
email: email,
password: password
})
.then(user => {
console.log('New user created successfully')
res.send(user);
})
.catch(err => {
console.log([ERROR; SQL]: Registration: ${err})
return res.status(400).send(err)
})
})```

store/index.js

export default {
    state: () => ({

    })
}

export const getters = {
    isAuthenticated(state) {
        return state.auth.loggedIn
    },

    loggedInUser(state) {
        return state.auth.user
    }
}

register forum
js methods: { async registerForm() { try { console.log({ username: this.username, email: this.email, password: this.password }); await this.$axios.$post(`server/api/auth/register`, { username: this.username, email: this.email, password: this.password }).then(async response => { await this.$auth.loginWith('local', { data: { login: this.username, password: this.password } }); console.log('Registered!'); console.log(this.$auth.token) console.log(this.$auth.loggedIn) this.$router.push('/') }).catch(err => { console.log('Registration failed: ' + err.response.data.error.message) this.$toast.warning('Registration failed, please try again', {icon: "error"}); }) } catch (e) { console.log('Error registering'); this.$toast.error('Registration error, please try again', {icon: "error"}); } } }

After registering, these values get set:

this.$auth.token = undefined
this.$auth.user = {}
$auth.state.loggedIn = true
$auth.loggedIn = true.

Any ideas why this is happening?

https://www.youtube.com/watch?v=cGi6Y8d8Zes&t=12s

Is this a BUG? Or is there a problem with my settings?

https://www.youtube.com/watch?v=cGi6Y8d8Zes&t=12s

Is this a BUG? Or is there a problem with my settings?

I have to update the accesstoken quite frequently (3600s), so I am using the refreshtoken on the client to renew my session. This is working fine using interceptors in axios. The refresh_token is stored in store/localStorage and cookies.

When the user reloads the page I want to restore the session as well. How should we go about that? I suppose for the moment that this is done on the server during SSR. Is it good practice to send the refresh_token as a cookie and let the server handle the renewal? I am hesistant, but then `$auth.setRefreshToken' is using universal storage by default.

On the flipside, when we do NOT delegate authentication to the server, we need to make the client authenticate post-render which introduces its own set of problems (redirection).

Version

v4.5.3

Reproduction link

https://github.com/ColtonProvias/auth-issue

Steps to reproduce

1. Clone the linked repo locally.
2. Run yarn install
3. Run yarn run dev
4. Go to http://localhost:3000 and try clicking both links on the front page.
5. Or try going to http://localhost:3000/protected directly.

What is expected ?

Accessing /protected should automatically redirect to /login, and the page should say that you were redirected from /protected. This should work either directly or through both links.

What is actually happening?

When accessing the page directly or via the non nuxt-link link, no redirect is provided to the login page. They should also generate the same result as accessing it via nuxt-link.

Hi, I need to let every user to update their images, and automatically remove the previous image. If I do it, the $auth.user.image does not change even with fetchUser() so I even have a problem because the image the user has isn't there anymore.
How can I dynamically update all the user data?

useredit() {
      try {this.imageUpload()} catch(err){console.log(err + ' image not uploaded.')}
      axios.put(
        '/db/user', {
          id: this.id,
          name: this.formName,
          surname: this.formSurname,
          email: this.formEmail,
          password: this.formPassword,
          image: this.formImageFilename.name,
        })
        .then(res => {
          axios.delete('/db/userimage', {data: {delimage: this.$auth.user.image}} ) //this will create a problem
          this.$auth.$storage.setState(this.$auth.$state.user.image, this.formImageFilename.name) // this ugly trial to change the image in the vuex does not work
          console.log(this.$auth.user.image) // this proves it didn't work
        })
        .catch(err => {
          console.log(err)
        })
    },

What problem does this feature solve?

In applications employing multiple authentication strategies it should be possible to isolate cookie attributes to a path unique to each strategy.

Given two login pages /admin/login and /customer/login

When I login as admin in one tab

document.cookie 
auth.strategy=admin

and login as customer in another tab

document.cookie 
auth.strategy=customer

then return to admin tab and refresh

document.cookie 
auth.strategy=customer 

then token verification fails because the strategy was overridden when we logged in as customer.

What does the proposed changes look like?

This would cease to be a problem if it were possible to configure the cookie path per strategy or simply allow the developer to provide a function to options.cookie.options.path as in the following example.

// nuxt.config.js
auth: {
  cookie: {
    options: {
      path: () => /path/.test(window.location.pathname) ? '/path-a' : '/path-b'
    }
  }
}

// auth/storage.js
setCookie (key, value, options = {}) {
  // ...

  if (_options.path instanceof Function) {
    _options.path = _options.path()
  }

  // ...
}

I found a few more issues about id_token and each is unanswered:

• https://github.com/nuxt-community/auth-module/issues/281
• https://github.com/nuxt-community/auth-module/issues/238
• https://github.com/nuxt-community/auth-module/issues/237

and probably this one too:

• https://github.com/nuxt-community/auth-module/pull/298

I am surprised that none of the authors responds to this. If I understand the case correctly, then downloading the id_token should not only work without problems but should be given in the documentation as an example of the proper implementation of the authorization.

From Google doc:

Important: Do not use the Google IDs returned by getId() or the user's profile information to communicate the currently signed in user to your backend server. Instead, send ID tokens, which can be securely validated on the server.

Without that the auth-module looks insecure and not usable for Google authorization (and probably for all based on OAuth2) because we can't connect the auth data with user data in our backend.

What problem does this feature solve?

The current implementation of auth module uses the implicit flow to get the access token, as per the current best practices in oauth2 PKCE based auth is a better approach that implicit, because of various reasons, but the most important would be the ability to get refresh token, and hence can allow long-lived session.

Why don't we support the PKCE? Any thoughts?

What does the proposed changes look like?

Haven't looked into yet, but if there are any feedback and suggestion I would like to contribute.

Hi,

is it possible to use TokenAuthentication from Django-Rest-Framework?

Just found examples for JWT.

Thank you

Version

v4.5.3

Reproduction link

https://auth.nuxtjs.org/

Steps to reproduce

I have a guarded page dashboard. when i manually access guarded page using browser url http://localhost:3000/dashboard , auth middleware not properly redirect to login page.

What is expected ?

unauthorised access to auth middleware guarded should be redirected to http://localhost:3000/auth/login

What is actually happening?

currently auth middleware redirect to /auth/login instead of properly full url http://localhost:3000/auth/login

Additional comments?

my other dependencies

"dependencies": {
    "@nuxtjs/auth": "^4.5.3",
    "@nuxtjs/axios": "^5.4.1",
    "@nuxtjs/pwa": "^2.6.0",
    "cross-env": "^5.2.0",
    "nuxt": "^2.4.0",
    "vuetify": "^1.5.5",
    "vuetify-loader": "^1.2.1"
  },

my auth strategies

auth: {
    strategies: {
      local: {
        endpoints: {
          login: {
            url: 'auth/login', method: 'post', propertyName: 'token'
          },
          user: {
            url: 'me', method: 'get', propertyName: 'data'
          },
          logout: {
            url: 'auth/logout', method: 'get'
          }
        }
      }
    },
    redirect: {
      home: '/dashboard',
      login: 'auth/login',
      logout: '/'
    }
  },

Is it possible to make an axios request without using auth module headers/token?

environment: ubuntu node-v10.13.0 nuxt-2.4.5 @nuxtjs/auth-4.5.3

When I logged in, I came to the page that needed authorization. such as "/about", When I refreshed the page, I redirected to "/login",
But the result I printed was： loggedIn: true.

It seems that this problem only happens in linux. When I do the same thing under windows, it doesn't happen anymore. Everything is OK.

environment: ubuntu node-v10.13.0 nuxt-2.4.5 @nuxtjs/auth-4.5.3

When I logged in, I came to the page that needed authorization. such as "/about", When I refreshed the page, I redirected to "/login",
But the result I printed was： loggedIn: true.

It seems that this problem only happens in linux. When I do the same thing under windows, it doesn't happen anymore. Everything is OK.

I got a bug after updating the vue devtools when loading a state
http://prntscr.com/n33rjh