Flask + Vue -- Cookie authentification refresh token not working?

Question

I am creating a web app with Flask and Vue.js... I got everything working so far but when the access token expires, the refresh process doesn't work.

Cookies seem to be set in browser correctly:

Here is the important flask configuration:

...    
app.config["JWT_TOKEN_LOCATION"] = ["cookies"]
app.config["JWT_ACCESS_CSRF_HEADER_NAME"] = "X-CSRF-TOKEN-ACCESS"
app.config["JWT_REFRESH_CSRF_HEADER_NAME"] = "X-CSRF-TOKEN-REFRESH"
...
@app.route("/api/refresh", methods=["POST"])
@jwt_required(refresh=True)
def refresh():
    userid = get_jwt_identity()
    user = User.query.filter_by(id=userid).first()
    access_token = create_access_token(identity=user.id)

    resp = jsonify()
    set_access_cookies(resp, access_token)

    return resp, 201

Here is the axios configuration in vue:

const authServ = axios.create({
    baseURL: process.env.VUE_APP_AUTH_URL,
    withCredentials: true,
    xsrfCookieName: 'X-CSRF-TOKEN-ACCESS'
});

const COOKIE_EXPIRED_MSG = "Token has expired";
authServ.interceptors.response.use(resp => {
    return resp;
}, async (error) => {
    const error_msg = error.response.data.msg;
    switch (error.response.status) {
        case 401:
            if (!error.config.retry && error_msg === COOKIE_EXPIRED_MSG) {
                error.config.retry = true;
                authServ.defaults.xsrfCookieName = 'X-CSRF-TOKEN-REFRESH';
                await authServ.post('/refresh')
                authServ.defaults.xsrfCookieName = 'X-CSRF-TOKEN-ACCESS';
                return authServ(error.config);
            }
            break;
        case 404:
            await router.push('/404');
            break;
        default:
            break;
    }
    return error.response;
});

EDIT 1: The error message in the browser:

Failed to load resource: the server responded with a status of 401 (UNAUTHORIZED)

EDIT 2: Fixed it by changing the method to GET, I would still like to know why though so if anyone has an idea... ^^

resp = jsonify() seems a little suspect, are you sure you didnt mean resp = jsonify({"message": "ok"}) or at least anything that can be jsonified? Also, what part of your code fails? the backend flask route or frontend code, for example a 500 status_code? — c8999c 3f964f64, Dec 06 '21 at 14:10
@c8999c3f964f64 Yeah maybe... But this should just be an empty json string shouldn't it? The part needed i thought is the cookie setting since i don't really do anything with the json response — TheSaltyOne, Dec 06 '21 at 17:01
I'm saying this because an empty json body is actually invalid json, both in the request as well as in the response. at the very, very least, use something like {} as a body — c8999c 3f964f64, Dec 07 '21 at 08:15
@c8999c3f964f64 I have tried adding {} as an empty dict as well as a {"success": True} to the response... Rest is left unchanged... It still doesn't work D: — TheSaltyOne, Dec 07 '21 at 10:45
@c8999c3f964f64 I just noticed you asking for what failed, i will add it in the initial question as an edit :) — TheSaltyOne, Dec 07 '21 at 13:25
Glad you could solve it! is it possible you had a mismatch with GET and POST, so the backend was returning a 403 "Method not allowed", and this wasn't handled correctly by the frontend? — c8999c 3f964f64, Dec 08 '21 at 15:38

Flask + Vue -- Cookie authentification refresh token not working?

0 Answers0