auth0-blog / vue-jwt-authentication

MIT License

id_token and access_token seem swapped #12

Open envisean opened 6 years ago

envisean commented 6 years ago

I set up the local environment to run the example and also ran the upstream nodejs-jwt-authentication-sample repo with node server/server.js.

When I went to Sign Up via the Vue frontend, I am able to create a new user. However, when I am redirected to the secret quote, I am given a 401 unauthorized.

I reviewed the code in src/auth/index.js and realized that this code repo isn't doing anything with the access_token that the upstream example responds with. I changed this file to look like the below and everything seems to work as expected:

```js
import {router} from '../index'

const API_URL = 'http://localhost:3001/'
const LOGIN_URL = API_URL + 'sessions/create/'
const SIGNUP_URL = API_URL + 'users/'

export default {

  // Client-side login state, set from the presence of a stored token
  user: {
    authenticated: false
  },

  login(context, creds, redirect) {
    context.$http.post(LOGIN_URL, creds, (data) => {
      // Store both tokens returned by the upstream server
      localStorage.setItem('id_token', data.id_token)
      localStorage.setItem('access_token', data.access_token)

      this.user.authenticated = true

      if(redirect) {
        router.go(redirect)
      }

    }).error((err) => {
      context.error = err
    })
  },

  signup(context, creds, redirect) {
    context.$http.post(SIGNUP_URL, creds, (data) => {
      // Same handling as login: keep id_token and access_token
      localStorage.setItem('id_token', data.id_token)
      localStorage.setItem('access_token', data.access_token)

      this.user.authenticated = true

      if(redirect) {
        router.go(redirect)
      }

    }).error((err) => {
      context.error = err
    })
  },

  logout() {
    // Remove both tokens so neither outlives the session
    localStorage.removeItem('id_token')
    localStorage.removeItem('access_token')
    this.user.authenticated = false
  },

  checkAuth() {
    // Only checks that an id_token is stored
    var jwt = localStorage.getItem('id_token')
    if(jwt) {
      this.user.authenticated = true
    }
    else {
      this.user.authenticated = false
    }
  },

  getAuthHeader() {
    // The access_token, not the id_token, is sent as the bearer credential
    return {
      'Authorization': 'Bearer ' + localStorage.getItem('access_token')
    }
  }
}
```

Did I miss a step, or is this just a case of a required repo changing upstream?
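
The token handling discussed in this issue, as an added example that is not part of the original post or of the repository: it keeps the `access_token` as the API credential and returns no header when that token is missing or expired, instead of sending the string `Bearer null`. The names `createAuth`, `memoryStorage`, `sampleToken`, `readClaims` and `isUsable` are hypothetical, and it assumes the access token is a JWT that may carry an `exp` claim and that the code runs under Node (for `Buffer`).

```javascript
// Added example (not repository code). `storage` needs getItem/setItem as in the Web Storage API.
const memoryStorage = (m = new Map()) => ({ // constructed stand-in for localStorage
  getItem: k => (m.has(k) ? m.get(k) : null),
  setItem: (k, v) => { m.set(k, String(v)) }
})

// Unsigned, JWT-shaped sample token (constructed test data, not a real credential).
const sampleToken = claims =>
  ['h', Buffer.from(JSON.stringify(claims)).toString('base64'), 's'].join('.')

// Reads claims WITHOUT verifying the signature: a UI hint, not an authorization check.
function readClaims (jwt) {
  const parts = String(jwt).split('.')
  if (parts.length !== 3) return null
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'))
  } catch (e) { return null }
}

function isUsable (jwt, nowSec) {
  const claims = readClaims(jwt)
  if (!claims || typeof claims !== 'object') return false
  // Assumption: a token without `exp` is treated as not expired.
  return typeof claims.exp !== 'number' || claims.exp > nowSec
}

function createAuth (storage, now = () => Math.floor(Date.now() / 1000)) {
  // The access_token is the API credential; hand it out only while usable.
  const usableToken = () => {
    const t = storage.getItem('access_token')
    return t !== null && isUsable(t, now()) ? t : null
  }
  return {
    save (data) {
      // Fail closed if the response lacks either token.
      if (!data || !data.id_token || !data.access_token) {
        throw new Error('response missing id_token or access_token')
      }
      storage.setItem('id_token', data.id_token)
      storage.setItem('access_token', data.access_token)
    },
    isAuthenticated: () => usableToken() !== null,
    // Return {} rather than the literal header "Bearer null".
    getAuthHeader () {
      const t = usableToken()
      return t ? { Authorization: 'Bearer ' + t } : {}
    }
  }
}
```

In a browser, pass `localStorage` as `storage` and decode the payload with `atob` in place of `Buffer`.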