search

sidebase / nuxt-auth

Authentication built for Nuxt 3! Easily add authentication via OAuth providers, credentials or Email Magic URLs!
https://auth.sidebase.io
MIT License
1.3k stars 165 forks source link

ProviderLocalRefresh doesn't store the cookie for the auth token #786

Open mlorenzog opened 4 months ago

mlorenzog commented 4 months ago

Environment

Reproduction

Start a new project, using this auth configuration:

auth: { globalAppMiddleware: { isEnabled: true }, // Important, this variable is set at build time baseURL: process.env.AUTH_BASE_URL // https://sidebase.io/nuxt-auth/configuration/nuxt-config provider: { type: 'refresh', pages: { login: '/auth/login' }, endpoints: { signIn: { path: '/api/login', method: 'post' }, getSession: { path: '/api/v1/user/data', method: 'get' } // signOut: { path: '/logout', method: 'post' }, // signUp: { path: '/register', method: 'post' }, },

  refreshToken: {
    signInResponseRefreshTokenPointer: '/refresh_token'
  },
  token: {
    signInResponseTokenPointer: '/token'
  }
}

}

Describe the bug

Using that configuration only the refresh token is stored at the cookie, not the session token.

We have tested it and detected that changing the same-site attribute of the token cookie to "lax" it works, but by default the same-site attribute is setted as "none" for that schema. According to the source code the default value should be "lax" (https://github.com/sidebase/nuxt-auth/blob/cb3db19563f8cb3af6dd63097e91305697c3ce8a/src/runtime/types.ts#L168)

Additional context

No response

Logs

No response

agracia-foticos commented 4 months ago

Related??? https://github.com/sidebase/nuxt-auth/issues/790

phoenix-ru commented 3 months ago

@agracia-foticos I don't think it is related, as #790 refers to authjs provider, while this refers to refresh provider

andre-silva9975 commented 3 months ago

Hello I had a similar issue and I solved it by clearing the browser data. But before doing that, try checking if the problem is solved in an incognito browser window.