search

sidebase / nuxt-auth

Authentication built for Nuxt 3! Easily add authentication via OAuth providers, credentials or Email Magic URLs!
https://auth.sidebase.io
MIT License
1.33k stars 164 forks source link

Doesn't Refresh Token When Expired and Tab is Closed #914

Closed luthfihizb closed 1 month ago

luthfihizb commented 2 months ago

Environment

Reproduction

Here is my auth config

auth: {
    isEnabled: true,
    disableServerSideAuth: false,
    globalAppMiddleware: true,
    baseURL: `${process.env.API_HOST}/v1/auth/`,
    provider: {
      type: "local",
      endpoints: {
        signIn: { path: "login", method: "post" },
        getSession: { path: "session", method: "get" },
      },
      token: {
        signInResponseTokenPointer: "/data/token",
        cookieName: "_auth_t",
        maxAgeInSeconds: 10,
        cookieDomain: "localhost",
      },
      refresh: {
        isEnabled: true,
        refreshOnlyToken: true,
        endpoint: {
          path: "refresh",
          method: "post",
        },
        token: {
          signInResponseRefreshTokenPointer: "/data/refreshToken",
          cookieName: "_auth_r",
          maxAgeInSeconds: 3600 * 24 * 7,
          cookieDomain: "localhost",
        },
      },
      session: {
        dataType: {
          id: "number",
          username: "string",
          name: "string",
        },
      },
    },
  },

Describe the bug

Currently, I'm testing what happens when the access token expires by simulating a very short expiration time (10 seconds). If the access token expires while the tab is still open (but I switch to another tab), when I refocus the tab, the access token refreshes fine..

image

But if the tab is closed when the access token is expired, the refresh mechanism is somehow ignored, and the user is redirected to the login page even though the refresh token still exists in the cookies. Reloading the tab also does not trigger the refresh.

image

Is this behavior expected? What I expect is that refocusing existing tab, reloading the tab, or opening a new tab should have the same behavior, right?

Additional context

No response

Logs

No response

andychukse commented 2 months ago

enableOnWindowFocus is true by default. Maybe for your use case enabling period refresh will work.

sessionRefresh: {
        enablePeriodically: 1000 * 10,
        enableOnWindowFocus: true,
    }
luthfihizb commented 2 months ago

Maybe for your use case enabling period refresh will work

enabling period refresh only works if the tab is open.. meanwhile the issue still occurs if the token expires while the tab is closed

github-actions[bot] commented 1 month ago

Hello 👋

Please provide a reproduction for this issue 🙏

How can I create a reproduction? Please use one of the following links to reproduce your issue. - https://stackblitz.com/github/nuxt/starter/tree/v3-stackblitz - https://codesandbox.io/s/github/nuxt/starter/v3-codesandbox Please ensure that the reproduction is as **minimal** as possible. This will allow us to isolate the issue as best as possible. Here are some more amazing posts about the importance of reproductions: - [The Importance of Reproductions](https://antfu.me/posts/why-reproductions-are-required) - [How to Generate a Minimal, Complete, and Verifiable Example](https://stackoverflow.com/help/minimal-reproducible-example)
github-actions[bot] commented 1 month ago

This issue was closed because it was open for 14 days without a reproduction.