auth: {
globalMiddleware: true,
redirectStrategy: 'query', // IMPORTANT! Otherwise, there will be an infinite logout loop.
watchLoggedIn: true,
cookie: {
prefix: 'auth.',
options: {
path: '/',
secure: process.env.NODE_ENV === 'production', // Enable only in production.
sameSite: 'lax', // IMPORTANT!
},
},
redirect: {
login: '/login',
logout: '/login',
callback: '/login',
home: '/',
},
strategies: {
local: {
scheme: 'refresh',
token: {
property: 'access',
type: 'JWT',
},
refreshToken: {
property: 'refresh',
data: 'refresh', // IMPORTANT! Note that the refresh token is not a JWT token.
},
user: {
property: false,
},
endpoints: {
login: {
url: `${process.env.API_URL}/auth/token/`,
method: 'post',
},
refresh: {
url: `${process.env.API_URL}/auth/token/refresh/`,
method: 'post',
},
user: false,
logout: {
url: `${process.env.API_URL}/auth/logout/`,
method: 'post',
},
},
},
google: {
clientId: process.env.GOOGLE_CLIENT_ID,
responseType: 'code',
codeChallengeMethod: '', // This is important!
endpoints: {
scope: ['openid', 'profile', 'email'],
token: `${process.env.API_URL}/auth/social/google/`,
userInfo: `${process.env.API_URL}/users/me/`,
},
token: {
// The token type needs to match the AUTH_HEADER_TYPES setting under
// SIMPLE_JWT in the Django settings (Bearer by default).
type: 'JWT',
property: 'access',
},
refreshToken: {
// The refresh token is not a JWT token!
property: 'refresh',
},
},
},
},
Reproduction
Can't reproduce.
Describe the bug
Not sure exactly what happens, but when I upgrade from 2.7.0 to 2.7.1 my websocket authentication breaks. This happens only in production and only for websockets, but not for normal auth.
Websocket auth looks like this:
const token = auth.tokenStrategy.token?.get() as string
if (!token) {
console.log('No token found.')
return
}
// Open socket.
socket = new WebSocket(`${config.public.websocketUrl}/prompts/${promptId}/?token=${token.split(' ')[1]}`)
The backend (django simple-jwt) says the token is invalid as far as I understand it.
Environment
Darwin
v18.15.0
3.8.0
3.9.1
2.7.1
pnpm@8.10.0
-
ssr
,runtimeConfig
,site
,modules
,imports
,experimental
,sourcemap
,devtools
,app
,vite
,typescript
,css
,postcss
,nitro
,piniaPersistedstate
,http
,auth
,colorMode
,plausible
,sitemap
@nuxt/devtools@1.0.0
,@nuxt-alt/auth@2.7.1
,@nuxt-alt/http@1.6.9
,@nuxtjs/color-mode@3.3.0
,@nuxtjs/plausible@0.2.3
,@nuxtseo/module@2.0.0-beta.39
,@pinia/nuxt@0.5.1
,@pinia-plugin-persistedstate/nuxt@1.2.0
,@unocss/nuxt@0.57.1
,@vueuse/nuxt@10.5.0
,nuxt-icon@0.6.1
,nuxt-vitest@0.11.0
-
Nuxt Config
Reproduction
Can't reproduce.
Describe the bug
Not sure exactly what happens, but when I upgrade from
2.7.0
to2.7.1
my websocket authentication breaks. This happens only in production and only for websockets, but not for normal auth.Websocket auth looks like this:
The backend (django simple-jwt) says the token is invalid as far as I understand it.
Downgrading to 2.7.0 resolves the issue.
Additional context
No response
Logs
No response