How does nuxt-auth cookie checks the backend?

Question

I am trying to create a restricted area where logged in users would need to input a code to access it. I'm using laravel sanctum and nuxt(ssr) with nuxt-auth module. I'm trying to understand how nuxt-auth module is checking the backend if a user is logged in or not so I can replicate this in my own restricted area access.

So far I noticed that if I invalidate the user session on the backend (FLUSHALL redis sessions) when I refresh the frontend, somehow nuxt-auth knows that the user is logged out and logs the user out on frontend too.

Same if I remove the /api/user route, nuxt thinks that the user is logged out. But when the route is active I don't see the route being accessed in the dev network tab.

I am new to nuxt and I cannot understand where in the nuxt-module source code is it doing the backend check. Is it in the middleware or storage? I'm confused.

So far in the backend I'm checking the user code and save an ID in the session similar with a user log in situation. Now I'm trying to make a nuxt middleware that would verify this.

Answer 1

Nuxt-auth will store a JWT token in cookies usually (it depends on which configuration you're doing of course!) and all of this is checked by reaching your backend's route.

If you refresh your SPA and flush the DB or break the route, the module wipes the client storage + set the loggedIn state to false.

Usually, you do have a JWT token for a specific amount of time (maybe 1 hour or so), if it is not expired, you will not get any network request. If you delete the JWT token, you should see a network request.

Otherwise, a global auth middleware is also available, out of the box with the module. But you could add another global one if you want to have something homemade.