akveo / nebular

Customizable Angular UI Library based on Eva Design System, Dark Mode
https://akveo.github.io/nebular
MIT License

NbPasswordAuthStrategy not calling refresh endpoint #2655

Open GiamBoscaro opened 3 years ago

GiamBoscaro commented 3 years ago

Issue description

I am developing a web app based on ngx-admin. I cloned the basic branch and started modifying the Authentication system to make it work with my auth server. At login, my auth server sends back a JWT and an HttpOnly cookie with a refresh token. I then have a refresh_token API to refresh the JWT with the refresh token. I am using NbPasswordAuthStrategy. I saw there's a way to automatically refresh the token with the strategy, as seen here: https://akveo.github.io/nebular/docs/auth/nbpasswordauthstrategy#nbpasswordauthstrategy

Current behavior:

JWT works perfectly. I created a simple interceptor to add withCredentials: true to every request so I can send the HttpOnly cookie with every request. This works perfectly too. But... I configured the refreshToken property in the NbStrategy but it is never called, so obviously I never get my token refreshed. Am I missing something, or is something not working?

Expected behavior: Refresh token endpoint gets called automatically

Related code:

This is my strategy

```typescript
NbAuthModule.forRoot({
  strategies: [
    NbPasswordAuthStrategy.setup({
      baseEndpoint: '/api/auth/',
      login: {
        endpoint: 'login',
        method: 'post',
        redirect: {
          success: '/home',
          failure: null,
        },
      },
      logout: {
        endpoint: 'logout',
        method: 'post',
        redirect: {
          success: '/login',
          failure: null,
        },
      },
      // Refresh endpoint that is reported as never being called.
      refreshToken: {
        endpoint: 'refresh_token',
        method: 'post',
        requireValidToken: true,
        redirect: {
          success: null,
          failure: null,
        },
      },
      // The JWT is read from the `accessToken` field of the response body.
      token: {
        class: NbAuthJWTToken,
        key: 'accessToken',
      },
      // ...........
    }),
  ],
})
```

khashashin commented 3 years ago

I have a similar problem. In my case the backend sends back { access: dnk1j3210u0fds9ifaosdjksjnf1028ua9s, refresh: lkfmn2o344j309fdsjkf2lök3j9 }
and in the token we can only provide the token key, so I have to put access here. And I'll lose my refresh token since I cannot save it.
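
Added example, not part of the thread and not Nebular's code: a framework-independent TypeScript version of the check a client has to run before each request so that a refresh endpoint such as `refresh_token` is called once the JWT is about to expire. `jwtExpiry`, `needsRefresh`, `AccessTokenSource`, `sampleJwt` and the 30-second skew are assumptions; the `refresh` callback stands for the POST that carries the HttpOnly cookie.

```typescript
// Added example; all names are hypothetical, none of this is Nebular API.
const g = globalThis as any; // atob/btoa: browsers and Node >= 16

// Read `exp` (epoch seconds) from a JWT payload; no signature check, scheduling only.
function jwtExpiry(jwt: string): number | null {
  const parts = jwt.split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const pad = '='.repeat((4 - (b64.length % 4)) % 4);
    const exp = JSON.parse(g.atob(b64 + pad)).exp;
    return typeof exp === 'number' ? exp : null;
  } catch {
    return null;
  }
}

// True when the token is missing, unparseable, or expires within skewSec.
function needsRefresh(jwt: string | null, nowSec: number, skewSec = 30): boolean {
  const exp = jwt ? jwtExpiry(jwt) : null;
  return exp === null || exp - nowSec <= skewSec;
}

// Keeps the access token in memory and shares one in-flight refresh between
// concurrent requests, so each expiry triggers a single refresh call.
class AccessTokenSource {
  private pending: Promise<string> | null = null;
  private token: string | null;
  private refresh: () => Promise<string>; // e.g. POST refresh_token with credentials
  private now: () => number;
  constructor(token: string | null, refresh: () => Promise<string>,
              now: () => number = () => Math.floor(Date.now() / 1000)) {
    this.token = token; this.refresh = refresh; this.now = now;
  }
  get(): Promise<string> {
    if (!needsRefresh(this.token, this.now())) return Promise.resolve(this.token as string);
    if (!this.pending) {
      this.pending = this.refresh().then(
        t => { this.pending = null; return (this.token = t); },
        e => { this.pending = null; throw e; });
    }
    return this.pending;
  }
}

// Constructed, unsigned sample token for exercising the functions above.
function sampleJwt(exp: number): string {
  const enc = (o: object) => g.btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ typ: 'JWT' })}.${enc({ sub: 'demo', exp })}.sig`;
}
```

An HTTP interceptor would call `get()` before attaching the `Authorization` header; a rejected refresh propagates to the caller, which is the point to send the user back to login.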