oAuth2 stuck

[steklopod]

Environment

• Node Version: v20.8.1
• Nuxt Version: 3.8.2
• CLI Version: 3.10.0
• Nitro Version: 2.8.0
• Package Manager: pnpm@8.11.0
• Builder: -
• User Config: experimental, ssr, runtimeConfig, build, css, hooks, modules, auth, app
• Runtime Modules: @nuxt-alt/auth@3.0.3, @pinia/nuxt@0.5.1, nuxt-vitest@0.11.5, @nuxtjs/stylelint-module@5.1.0, @vueuse/nuxt@10.5.0
• Build Modules: -

Nuxt Config

  auth: {
    scopeKey: 'scope',
    globalMiddleware: true,
    // routerStrategy: 'navigateTo',
    strategies: {
      refresh: {
        scheme: 'refresh'
   }
}

Reproduction

https://colaba.online/login?t=0

Just press the button and try to login

---

Describe the bug

I have backend that manages oAuth2.

After success it sets cookies and redirect to main frontend page

In latest versions of library if Cookies a set it breaks entire application: redirect will be never finished and node stops working.

Additional context

• username+password works.
• no problems on backend

Desired behaviour

If cookies were set by backend and I was redirected to main page:

• log in
• fetch user

This worked earlier. Maybe latest changes with watchLoggedIn causes this 🤷🏻

[Denoder]

Accessing the url itself is loading extremely slow without me interacting, so im uncertain if this pertains to the module at all, and watchLoggedIn was reverted in 3.0.1

[steklopod]

Yes. This is the problem I reported. Loader never ends. Finally there will be timeout error from nginx.

I can't tell you exactly in which version it appeared because I did not tested it a long time. I'll try to investigate and will write later which version causes the problem.

The problem is that it crashes the whole app and I have to manually restart docker container to make it working again.

Also I tried to add second strategy (did not helped):

      cookie: {
        scheme: 'cookie',
        name: 'auth._token.refresh',
}

[steklopod]

It's not possible to rollback to working version (for example 2.6.0) because in library we have latest versions which produces conflicts and fails. Persanally I prefer hard-coded version even without ^

Looks like removing cookie: { server: true }, causes an error from this release:

https://github.com/nuxt-alt/auth/commit/a9540fbc36b6a4af330046ccead83daa00db576a#r134141891

---

I can 100% guarantee that it worked in version 2.4.2

[Denoder]

What you're telling me doesn't make sense. I recoupled the cookie scheme back to the local scheme (because I'm trying to maintain the same code structure as the original module unless it really needs a change), the server param was removed because Nuxt 3 was being quirky at the time when working with server/client flow, so I needed to force the difference.

In your first post you are using the refresh scheme which is separate from the cookie scheme and they're both extensions of the local scheme. Google authentication flow needs to be handled by OAuth2.

Any custom modifications you're trying to do should be handled by a custom scheme.

[steklopod]

I always use refresh scheme. It worked before in older versions.

I mentioned cookie scheme to show how I tried to solve the problem by adding second strategy. It did not help.

I don't need Google authentication flow implemented on frontend. I do it on backend. I just reported that earlier the functionality allowed automatic login if user was not loggedIn but token is not empty in cookies.

So let me try to explain it with pseudo-code of auto-login:

onBeforeMount(() => {
  if (!useAuth().loggedIn && cookies.token.isNotEmpty() && cookies.token.isNotExpired()){
    await useAuth().login() // + fetch user
  }
})