search

sidebase / nuxt-auth

🔐 Nuxt user authentication and sessions via authjs (next-auth), local and refresh providers. nuxt-auth wraps NextAuth.js to offer the reliability & convenience of a 12k star library to the nuxt 3 ecosystem with a native developer experience (DX)
https://sidebase.io/nuxt-auth/
MIT License
1.12k stars 134 forks source link

Refresh provider on tab refocus calls `getSession` instead of `refresh` #765

Closed mbellamyy closed 1 day ago

mbellamyy commented 3 weeks ago

Environment

Reproduction

not needed, code is obvious

Describe the bug

This is actually two issues.

First issue is here. Let's assume refresh provider is chosen.

https://github.com/sidebase/nuxt-auth/blob/faa039b72da2c64d9c214f0502dea053c7a4ff84/src/runtime/utils/refreshHandler.ts#L43-L62

We're creating two intervals. One of them is calling getSession and the other is calling refresh. But the refresh implementation calls getSession at the end itself... So the first interval might be redundant for refresh? I know the interval times are different. So this is not a hugely imporant part of this issue.

Now the second (and more important) part of the issue:

https://github.com/sidebase/nuxt-auth/blob/faa039b72da2c64d9c214f0502dea053c7a4ff84/src/runtime/utils/refreshHandler.ts#L22-L29

This function is the tab refocus refresher. It is calling getSession which is acceptable in the local provider, but for refresh I think it should call refresh, which in turn calls getSession later. If the token is expired (but can be refreshed), this method is missing it and logging the user out.

Additional context

No response

Logs

No response

ThomasSimonsen20 commented 5 days ago

@phoenix-ru Hey Phoenix sorry to ping, I see you started working on a PR regarding this, is this something you are still working on? I am facing a similar issue as above and I believe your PR would fix that issue :)

I am sadly not experienced enough to figure out if I could help with anything in your PR, as I can barely understand what's going on :D

phoenix-ru commented 3 days ago

Hi @ThomasSimonsen20 , I was on a vacation :slightly_smiling_face: I will possibly come back to this in 2 days or next week, as it's awaiting review from @zoey-kaiser

ThomasSimonsen20 commented 3 days ago

Thank you for the update, hope you had a nice vacation :)

zoey-kaiser commented 1 day ago

Hi @mbellamyy and @ThomasSimonsen20 👋

Sorry for the ping, but I wanted to quickly let you know that we have just released https://github.com/sidebase/nuxt-auth/releases/tag/0.8.0-alpha.3 in which you can now define your own custom refresh logic! Feel free to check out the release notes for more information!