-1

I use @nuxtjs/auth-next and I must have a configuration problem but I tried multiple configurations without success.

I used this example for the server part https://github.com/cornflourblue/node-mongo-signup-verification-api.

Here is my current configuration:

auth: {
  redirect: {
    login: '/login',
    logout: '/',
    callback: '/login',
    home: '/'
  },
  strategies: {
    local: {
      scheme: 'refresh',
      token: {
        property: 'jwtToken',
        maxAge: 1800,
        global: true,
        // type: 'Bearer'
      },
      refreshToken: {
        property: 'refreshToken',
        data: 'refreshToken',
        maxAge: 60 * 60 * 24 * 30
      },
      user: {
        property: false,
        autoFetch: false
      },
      endpoints: {
        login: { url: '/accounts/authenticate', method: 'post', propertyName: 'data.jwtToken' },
        refresh: { url: '/accounts/refresh-token', method: 'post' },
        user: false,
        //user: { url: '/accounts/refresh-token', method: 'post', propertyName: null },
        logout: { url: '/accounts/revoke-token', method: 'post' }
      },
      // autoLogout: false
    }
  }
}

Response

Cookies

Cookies and the answer are correct I think. What's wrong?

kissu
  • 40,416
  • 14
  • 65
  • 133
jaribu
  • 115
  • 1
  • 11
  • Here is a link of a question looking like this in terms of debugging from yesterday: https://stackoverflow.com/a/68081536/8816585 Can you give it a look and give us feedback as of what you do have in your case? (I guess that you don't have any errors) – kissu Jun 23 '21 at 15:25
  • Yes, no error. I added $auth.setUser without success/change. loggedIn & user stay at false. – jaribu Jun 23 '21 at 20:44
  • @kissu Edit : With $auth.setUser I have an user object but loggedIn stay false. – jaribu Jun 24 '21 at 12:18

1 Answers1

0

It's "working" with this configuration :

  auth: {
    redirect: {
      login: '/login',
      logout: '/',
      callback: '/login',
      home: '/'
    },
    strategies: {
      local: {
        scheme: 'refresh',
        token: {
          property: 'jwtToken',
          maxAge: 1800,
          global: true,
          //type: ''
        },
        refreshToken: {
          property: 'jwtToken',
          data: 'refreshToken',
          maxAge: 60 * 60 * 24 * 30
        },
        user: {
          property: false,
          autoFetch: false
        },
        endpoints: {
          login: { url: '/accounts/authenticate', method: 'post', propertyName: 'jwtToken' },
          refresh: { url: '/accounts/refresh-token', method: 'post' },
          user: false,
          //user: { url: '/accounts/refresh-token', method: 'post', propertyName: null },
          logout: { url: '/accounts/revoke-token', method: 'post' }
        },
        // autoLogout: false
      }
    }
  }

But in reality the refresh token is sent by the server in an HTTP Only cookie so it is not functional. Is this case covered by @nuxtjs/auth-next or is it mandatory to have the refresh token in the API response?

jaribu
  • 115
  • 1
  • 11