nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2
https://auth.nuxtjs.org
MIT License

How to handle with HTTPOnly JWT and Refresh Token? #1669

Open gbeslic opened 2 years ago

gbeslic commented 2 years ago

Hi,

I hope that you're all doing well.

As stated in my title, I set the tokens server-side as HTTPOnly cookies. Currently I have the following configuration in Nuxt:

auth: {
  strategies: {
    local: {
      scheme: 'refresh',
      token: {
        property: false,
        //required: false,
        type: false,
        maxAge: 60
      },
      refreshToken: {
        property: false,
        required: false,
        maxAge: 60*30
      },
      user: {
        property: 'user'
      },
      endpoints: {
        login: {
          url: '/api/user/login', method: 'post'
        },
        refresh: {
          url: '/api/user/refresh', method: 'post'
        },
        user: {
          url: '/api/user', method: 'get'
        },
        logout: {
          url: '/api/user/logout', method: 'post'
        }
      }
    }
  }
}

Currently you can log in and the user is also recognized. However, when the access token expires, the refresh endpoint is not called; instead, the user is simply logged out. I have tried everything in the documentation, but nothing works.

I hope someone can help me and thank you in advance for any help!
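
A sketch of a client-side refresh flow for the HttpOnly setup described in the issue above, as an added example that is not part of the original post and not the auth module's own code. It assumes the backend answers 401 once the access cookie has expired; `createClient`, `send` and `fakeBackend` are hypothetical names, and the backend stand-in is constructed for the demonstration.

```javascript
// Added example: refresh-on-401 for HttpOnly cookie sessions. Page script cannot
// read the tokens, so a 401 from the API is the only expiry signal it gets.
const REFRESH_URL = '/api/user/refresh'; // refresh endpoint from the config above

// `send(url, opts)` is an assumed fetch-like transport that sends cookies and
// resolves to { status, body }.
function createClient(send) {
  let inFlight = null; // single-flight: concurrent 401s share one refresh call

  function refresh() {
    if (!inFlight) {
      inFlight = send(REFRESH_URL, { method: 'post' })
        .then((res) => res.status === 200)
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  return async function request(url, opts = {}) {
    const first = await send(url, opts);
    // Never refresh in response to a failed refresh: that would loop.
    if (first.status !== 401 || url === REFRESH_URL) return first;
    if (!(await refresh())) return first; // refresh cookie expired: re-login
    return send(url, opts); // retry once with the re-issued access cookie
  };
}

// Constructed stand-in for the backend: tracks whether each cookie is still
// valid, as the server would see it, and records every URL requested.
function fakeBackend({ accessValid, refreshValid }) {
  const calls = [];
  const send = async (url) => {
    calls.push(url);
    if (url === REFRESH_URL) {
      if (!refreshValid) return { status: 401, body: null };
      accessValid = true; // server re-issues the HttpOnly access cookie
      return { status: 200, body: null };
    }
    return accessValid
      ? { status: 200, body: { user: { name: 'demo' } } }
      : { status: 401, body: null };
  };
  return { send, calls };
}
```

With a real transport, `send` has to include credentials on every call so the browser attaches the HttpOnly cookies.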