nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2
https://auth.nuxtjs.org
MIT License

Laravel Sanctum / Cookie scheme does not log user out on route change when session expires #1711

Open sts-ryan-holton opened 2 years ago

sts-ryan-holton commented 2 years ago

Version

module: 5.0.0-1647967358.de1bb0f
nuxt: 2.15.8

Nuxt configuration

/*
** Axios module configuration
** See https://axios.nuxtjs.org/options
*/
axios: {
  credentials: true,
  baseURL: process.env.API_URL
},
/*
** Auth config
*/
auth: {
  redirect: {
    login: '/account/login/',
    logout: '/account/login/',
    callback: '/account/login/',
    home: '/account/domains/'
  },
  strategies: {
    'laravelSanctum': {
      provider: 'laravel/sanctum',
      url: process.env.API_URL,
      endpoints: {
        login: { url: '/api/auth/login', method: 'post' },
        logout: { url: '/api/account/logout', method: 'post' },
        user: { url: '/api/auth/user', method: 'get', propertyName: 'user' }
      },
    }
  }
},

What is expected?

When a user tries to navigate to a page that performs a request requiring an authenticated user, the user should automatically be redirected to the redirect.login route if the response received is a 401 status code when the cookie expires.

What is actually happening?

When using the Laravel Sanctum provider, and setting the SESSION_LIFETIME to an unrealistic 1 minute period, the customer isn't redirected to the login page when they try to access a route that requires them to be logged in. Instead, they've got to refresh their web page.

Steps to reproduce

  1. Use Laravel Sanctum provider
  2. Set SESSION_LIFETIME=1 in the Laravel .env file
  3. Log in through the front-end
  4. Wait for the session to expire after a minute and try to navigate the admin area

sts-ryan-holton commented 2 years ago

Update?

sts-ryan-holton commented 2 years ago

Update?

antandev commented 2 years ago

Hi @sts-ryan-holton,

I think the config for your nuxt-auth should look like this:

auth: {
  redirect: {
    login: '/account/login/',
    logout: '/account/login/',
    callback: '/account/login/',
    home: '/account/domains/'
  },
  strategies: {
    'laravelSanctum': {
      provider: 'laravel/sanctum',
      url: process.env.API_URL,
      user: {
        property: 'user'
      },
      endpoints: {
        login: { url: '/api/auth/login', method: 'post' },
        logout: { url: '/api/account/logout', method: 'post' },
        user: { url: '/api/auth/user', method: 'get' }
      },
    }
  }
},

Also, you need to keep calling this.$auth.fetchUser() every time the route changes on page reload, because in my experience this module only fetches the user once after using loginWith.

Hope this will help.
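
An added example, not part of the thread and not auth-module's own code: one way to keep the client's login state in step with an expired Sanctum session, combining a 401 handler on `$axios` with the per-route `fetchUser()` call suggested in the reply above. `LOGIN_PATH` copies `redirect.login` from the issue's config; the function names are hypothetical, and it assumes `fetchUser()` rejects with the axios error when the API answers 401.

```javascript
// Added example for Nuxt 2 with @nuxtjs/axios and the auth module (assumed setup).
const LOGIN_PATH = '/account/login/' // same value as redirect.login in the issue
const EXPIRED = [401]                // statuses treated as "server session is gone"

// Drop the stale client-side login state and send the user to the login page.
// Returns true only when the error was an expired-session response and the
// client still believed it was logged in.
function handleExpiredSession (error, { $auth, redirect }) {
  const status = error && error.response && error.response.status
  if (!EXPIRED.includes(status) || !$auth.loggedIn) return false
  $auth.reset()        // clears local auth state; no logout request is sent
  redirect(LOGIN_PATH)
  return true
}

// Body for a plugin file (e.g. plugins/session-expiry.js, hypothetical name):
// reacts to a 401 from any API call made through $axios.
function sessionExpiryPlugin (ctx) {
  ctx.$axios.onError(error => { handleExpiredSession(error, ctx) })
}

// Body for a route middleware (e.g. middleware/revalidate.js, hypothetical name):
// asks the API for the user on every navigation so an expired cookie is noticed
// before the page renders. Network and 5xx failures leave the state untouched.
async function revalidateOnRoute (ctx) {
  if (!ctx.$auth.loggedIn) return false
  try {
    await ctx.$auth.fetchUser()
    return false
  } catch (error) {
    return handleExpiredSession(error, ctx)
  }
}
```

The API's 401 remains the actual access control; these hooks only stop the browser from showing a logged-in UI after the server has dropped the session.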