search

nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2
https://auth.nuxtjs.org
MIT License
1.93k stars 924 forks source link

Oauth2 : how to refresh the access token when it is expired ? #1433

Closed jiboule closed 2 years ago

jiboule commented 2 years ago

My Oauth2 flow is working fine, I get my accessToken and can request my API. My problem occurs when the accessToken is expired.

It seems that either the refreshTokens function does nothing nor the token is refreshed automatically by auth.

I set the validity duration of my acces tokens to 60 seconds on purpose for the tests.

Here is my config :

strategies: {
      my_strategy: {
        scheme: 'oauth2',
        endpoints: {
          authorization: 'https://api.local/oauth2/auth',
          refresh: { url: 'https://api.local/oauth2/refresh', method: 'post' }, // seems to not being used
          token: undefined,
          userInfo: 'https://api.local/api/me/profile',
          logout: 'https://api.local/oauth2/logout',
        },
        token: {
          property: 'access_token',
          type: 'Bearer',
          maxAge: 60 // 60 seconds on purpose
        },
        refreshToken: {
          property: 'refresh_token',
          maxAge: 60 * 60
        },
        responseType: 'code',
        codeChallengeMethod: 'S256',
        grantType: 'authorization_code',
        accessType: undefined,
        redirectUri: process.env.OAUTH2_REDIRECT_URI,
        logoutRedirectUri: undefined,
        clientId: process.env.API_KEY,
        scope: [],
      }
    }

When I call refreshTokens programmatically :

refresh() {
    this.$auth.refreshTokens(); // nothing happens here
}

Am I supposed to extend axios by myself and implements the refresh token flow ? If so, what is the point to configure refresh token in the scheme ?

Intevel commented 2 years ago

If refresh token is available and not expired. This only works when logged in.