2

I'm now trying to code a login functionality using nuxt-auth.

I've got a FastAPI server that is set to work with HTTPOnly cookies, thus it needs a csrf token for throwing a user to my client. I can't handle the token because it's HTTPOnly so no LocalStorage

Login works fine but I can't manage to get the stored user. I made that after request to my /login endpoint, Nuxt also requests a user on /me endpoint. But I'm getting the 401 response and

Missing cookie access_token_cookie

error on /me. I don't know how to handle it.

my login request method

async userLogin() {
  await this.$auth.loginWith('cookie', {
    data: `grant_type=&username=${this.emailInput}&password=${this.passwordInput}&scope=&client_id=&client_secret=&`,
    method: 'POST',
    headers: {'Content-Type': 'application/x-www-form-urlencoded'},
  })
  await this.$router.push('/account')
}

I read that nuxt-auth is bad at cookie patterns but the post was from 2018 and we have a 'cookie' strategy now. So is there a workaround of it's better to handle authentication manually?

my auth key in nuxt.config.js

auth: {
  strategies: {
    cookie: {
      endpoints: {
        login: {
          url: "/api/v1/login/login",
          method: "post",
          withCredentials: true
        },
        logout: { url: "/api/v1/login/logout", method: "post" },
        user: {
          url: "/api/v1/users/me",
          method: "get"
        }
      },
      tokenType: "bearer"
    }
  }
}
kissu
  • 40,416
  • 14
  • 65
  • 133
Petter Tchirkov
  • 33
  • 1
  • 4

1 Answers1

1

I have a working http-only cookie based setup on Nuxt + Django.

My Nuxt application reverse proxies API requests to backend. So, it can read cookies on server side.

So, I create auth-ssr.ts middleware to check is user loggedIn

import { Context, Middleware } from '@nuxt/types'
import { parse as parseCookie } from 'cookie' // this is lib https://github.com/jshttp/cookie

/**
 * This middleware is needed when running with SSR
 * it checks if the token in cookie is set and injects it into the nuxtjs/auth module
 * otherwise it will redirect to login
 * @param context
 */
const authMiddleware: Middleware = async (context: Context) => {
  if (process.server && context.req.headers.cookie != null) {
    const cookies = parseCookie(context.req.headers.cookie)
    const token = cookies['session'] || '' // here your cookie name
    if (token) {
      context.$auth.$state.loggedIn = true
    }
  }
}

export default authMiddleware

And here my nuxt.config.js

  auth: {
    strategies: {
      cookie: {
        user: {
          property: 'user',
        },
        endpoints: {
          login: {
            url: '/api/v2/auth/login/',
            method: 'post',
          },
          user: {
            url: '/api/v2/auth/user/',  
            method: 'get',
          },
          logout: {
            url: '/api/v2/auth/logout/',
            method: 'post',
          },
        },
      },
    },
    redirect: {
      login: '/login',
    },
    plugins: ['@plugins/axios.ts'],
  },
  
  router: {
    middleware: ['auth-ssr', 'auth'],
  },
  
  // Axios module configuration: https://go.nuxtjs.dev/config-axios
  axios: {
    proxy: true,
  },

  proxy: {
    '/api': {
      target: 'https://backend.com/',
    },
  },
  
  ...
Yevhen Bondar
  • 4,357
  • 1
  • 11
  • 31