nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2
https://auth.nuxtjs.org
MIT License

Confused by Cookie Strategy #1412

Open gelinger777 opened 2 years ago

gelinger777 commented 2 years ago

Hi everybody. I am trying to authenticate with the cookie strategy against an API which is, let's say, reachable at https://app.somedomain.xyz/api/v2/

I have a nuxt running on my localhost:3000.

So the API sets a HostOnly cookie and gives no tokens, no bearers, etc.

Is there any chance that the cookie will be saved by Nuxt and reused during the next call? Or do I have to try to make some fake subdomain like https://fakesub..somedomain.xyz locally via /etc/hosts so that it will work?

There are no tokens sent back by the API, so I don't know how to make it work, at least for development purposes.

My strategy looks like this:

```js
  axios: {
    baseURL: 'https://app.somedomain.xyz/api/v2/',
    credentials: false
  },
  middleware: ['auth'],
  auth: {
    strategies: {

      localStorage: false,
      cookie: {
        cookie: {
          // (optional) If set, we check this cookie existence for loggedIn check
          name: '_service_session',
        },
        // token: {
        //   // property: "data.access_token",
        //   required: true,
        //   type: "Bearer",
        // },

        endpoints: {
          login: { url: 'service/identity/sessions', method: 'post', withCredentials: false },
          user: { url: 'service/resource/users/me', method: 'get', property: false },
          logout: false
        }
      }
    }
  },
```

I have read many things about your module and I am totally confused by the story that you were not supporting the HttpOnly cookie, then you support it, etc.

Any help and clearance would be appreciated...

steklopod commented 2 years ago

If I am right, localhost:3000 and cookies are not good friends if your backend is not also on localhost.

Use token from response body:

nuxt.config.ts

```js
auth: {
  strategies: {
    local: {
      token: {
        property: 'access_token', // name of field from server response
        required: true,
        type: 'Bearer',
        maxAge: 60 * 2
      },
    }
  }
}
```

gelinger777 commented 2 years ago

Dear @steklopod, the problem is that the API does not return ANY token. It just sets the cookie, and all other requests have to be made with that cookie. There is no token at all.
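
Added example (not part of the thread and not the auth-module's code): a simplified model of the browser rules that decide whether the session cookie from the setup described above is attached to a cross-origin XHR and whether page script can read it. The function names, the cookie attributes other than HostOnly, and the `fakesub.somedomain.xyz` page URL are assumptions made for illustration.

```javascript
// Simplified model (added example). Assumptions: "site" = scheme + last two host
// labels (browsers use the Public Suffix List); an unset SameSite is treated as
// Lax, as Chromium-based browsers do; CORS response headers are correct.
const site = (u) => u.protocol + u.hostname.split('.').slice(-2).join('.');

// True when `host` is in scope for the cookie (host-only = exact match only).
const inScope = (cookie, host) =>
  host === cookie.host || (!cookie.hostOnly && host.endsWith('.' + cookie.host));

function cookieDecision({ pageUrl, requestUrl, withCredentials, cookie }) {
  const page = new URL(pageUrl);
  const req = new URL(requestUrl);
  const reasons = [];
  const sameSite = cookie.sameSite || 'Lax';

  // Cross-origin XHR without credentials: cookies not sent, Set-Cookie ignored.
  if (page.origin !== req.origin && !withCredentials) reasons.push('withCredentials is false');
  if (!inScope(cookie, req.hostname)) reasons.push('request host not in cookie scope');
  if (cookie.secure && req.protocol !== 'https:') reasons.push('Secure cookie over HTTP');
  // Lax/Strict cookies are not attached to cross-site subrequests.
  if (site(page) !== site(req) && sameSite !== 'None') reasons.push(`SameSite=${sameSite}, cross-site`);
  if (sameSite === 'None' && !cookie.secure) reasons.push('SameSite=None without Secure');

  // document.cookie exposes only non-HttpOnly cookies in scope for the page's host.
  const visibleToScript = !cookie.httpOnly && inScope(cookie, page.hostname);
  return { attached: reasons.length === 0, visibleToScript, reasons };
}

// Constructed sample: only hostOnly comes from the thread; other attributes are assumed.
const session = { host: 'app.somedomain.xyz', hostOnly: true, httpOnly: true, secure: true };
const api = 'https://app.somedomain.xyz/api/v2/service/resource/users/me';

const fromLocalhost = cookieDecision({
  pageUrl: 'http://localhost:3000/', requestUrl: api, withCredentials: false, cookie: session,
});
const fromSiblingHost = cookieDecision({
  pageUrl: 'https://fakesub.somedomain.xyz:3000/', requestUrl: api, withCredentials: true, cookie: session,
});
console.log(fromLocalhost, fromSiblingHost);
```

In this model the same-site page with credentials enabled gets the cookie attached to API calls, but a host-only cookie for `app.somedomain.xyz` is never readable from script on another host, so a client-side check for the cookie's existence cannot see it.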

T-Zahil commented 2 years ago

Same issue for me 👋

Intevel commented 2 years ago

I think here we should add the bug label