sidebase / nuxt-auth

Authentication built for Nuxt 3! Easily add authentication via OAuth providers, credentials or Email Magic URLs!
https://auth.sidebase.io
MIT License

Token Cookie not set for refresh strategy #759

Closed Jonathanthedeveloper closed 5 months ago

Jonathanthedeveloper commented 5 months ago

Environment

Operating System: Linux

Reproduction

After a successful sign-in, inspect the browser tab: the access token isn't there. [image] As you can see in the image above, only the refresh token was set as a cookie.

Below is my nuxt.config:

export default defineNuxtConfig({
  devtools: { enabled: true },
  modules: ['@sidebase/nuxt-auth'],
  auth: {
    baseURL: 'http://127.0.0.1:3001/api',
    provider: {
      type: 'refresh',
      endpoints: {
        signIn: { path: '/auth/signin', method: 'post' },
        signOut: { path: '/auth/signout', method: 'post' },
        signUp: { path: '/auth/signup', method: 'post' },
        getSession: { path: '/users/profile', method: 'get' },
        refresh: { path: '/auth/refresh', method: 'post' },
      },
      token: {
        signInResponseTokenPointer: '/session/access_token',
        cookieName: 'access_token',
      },
      refreshToken: {
        signInResponseRefreshTokenPointer: '/session/refresh_token',
        cookieName: 'refresh_token',
      },
      sessionDataType: {
        message: 'string',
        data: {
          _id: 'string',
          email: 'string',
        },
      },
    },
  },
});

Describe the bug

After successfully signing in, the accessToken is not being stored as a cookie. I think this problem may be due to the access token being stored in memory. As a result:

  1. I am unable to make requests to the backend server without using a composable.
  2. Refreshing the protected page results in a redirect to the login page.

Additional context

I need to store the access token as a cookie, so that my axios request interceptors can append it as a bearer token when making a request to my backend server.

Update

This bug occurs when I configure the baseUrl to a different domain/port from my frontend. Currently my website is locally hosted as such

Logs

No response

Jonathanthedeveloper commented 5 months ago

After hours of debugging, I realized that you must specify the token's sameSiteAttribute property as either lax or strict if your baseUrl differs from your frontend domain name.
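
The condition described in this thread can be checked before deployment. The following is an added example, not code from the thread or from nuxt-auth: `auditTokenCookie` and `withSameSite` are hypothetical helper names, and the frontend origin is a constructed value because the thread does not state it.

```javascript
// Added example: audit a @sidebase/nuxt-auth `auth` config object for the
// condition described in this thread. Not part of the module's API.

const ACCEPTED = ['lax', 'strict']; // values the thread reports as working

// Hypothetical helper: returns a list of findings (empty list = nothing to fix).
function auditTokenCookie(authConfig, frontendOrigin) {
  const findings = [];
  const provider = authConfig.provider || {};
  if (provider.type !== 'local' && provider.type !== 'refresh') return findings;

  // A relative baseURL (e.g. '/api/auth') resolves against the frontend itself.
  const backendOrigin = new URL(authConfig.baseURL || '/', frontendOrigin).origin;
  const crossOrigin = backendOrigin !== new URL(frontendOrigin).origin;
  const sameSite = (provider.token || {}).sameSiteAttribute;

  if (crossOrigin && !ACCEPTED.includes(sameSite)) {
    findings.push(
      `baseURL origin ${backendOrigin} differs from frontend ${frontendOrigin}; ` +
      `set provider.token.sameSiteAttribute to 'lax' or 'strict' (found: ${String(sameSite)})`
    );
  }
  return findings;
}

// Returns a copy of the config with the fix applied; the input is left untouched.
function withSameSite(authConfig, value = 'lax') {
  if (!ACCEPTED.includes(value)) throw new RangeError(`unsupported value: ${value}`);
  const provider = authConfig.provider || {};
  return {
    ...authConfig,
    provider: { ...provider, token: { ...provider.token, sameSiteAttribute: value } },
  };
}

// The reporter's config, trimmed to the relevant keys.
const reported = {
  baseURL: 'http://127.0.0.1:3001/api',
  provider: {
    type: 'refresh',
    token: { signInResponseTokenPointer: '/session/access_token', cookieName: 'access_token' },
  },
};
const FRONTEND = 'http://localhost:3000'; // constructed value, not from the thread

console.log(auditTokenCookie(reported, FRONTEND));               // one finding
console.log(auditTokenCookie(withSameSite(reported), FRONTEND)); // []
```

Pass the object returned by `withSameSite` as the `auth` key of `defineNuxtConfig`, or simply add `sameSiteAttribute: 'lax'` to the `token` block by hand.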