Auth-module: Token is stored with prefix in cookie and localstorage

Created on 3 Apr 2018  ·  3 Comments  ·  Source: nuxt-community/auth-module

Version

v4.0.0

Reproduction link

https://nuxt-auth.herokuapp.com/

Steps to reproduce

  1. Log in using the "local" scheme.
  2. Check localStorage and cookies and you will see the token with the prefix Bearer.
  3. Try to do a request with axios.
  4. The Authorization header will have 2 prefixes and the token, e.g.: Bearer Bearer ........
  5. The request will fail because the Authorization header is invalid.

What is expected?

The token must be saved without the prefix because the setToken helper of the axios module already sets the prefix.

What is actually happening?

The token is saved with the prefix and all future requests made by axios have an invalid Authorization header.

  • The fetchUser method of the module has the correct Authorization header because it builds its own header; because of this the login process is okay. You can see this in the /lib/auth/auth.js file, line 251.

Additional comments?

You can see this issue in the demo site, check the localstorage "auth._token.local" key after login and "auth._token.local" cookie:
https://nuxt-auth.herokuapp.com/

This bug report is available on Nuxt.js community (#c81)
solved

All 3 comments

@javialon26 Hi !

Thank you for your bug report, confirmed as a bug on the demo site using the following command while logged in:

$nuxt.$axios.get('api/auth/user');

This will automatically return the following:

UnauthorizedError: Format is Authorization: Bearer [token]

As the request headers are composed by an invalid Authorization header:

Authorization: Bearer Bearer token

This is most likely related to this, I think the token is passed with "Bearer " and then set again with axios-module with this.$auth.ctx.app.$axios.setToken(token, this.options.tokenType)

"Bearer" is set by this on lib/core/auth.js here:

setToken (strategy, token) {
  const _key = this.options.token.prefix + strategy

  return this.$storage.setUniversal(_key, token)
}

Fixed on #115 - Will be available soon 👍

Wait for updates... How do I delete the prefix?
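
The double-prefix failure described in this thread, as an added example that is not part of the original issue and is not the change made in #115. `setAxiosToken`, `stripTokenType` and `isValidBearerHeader` are hypothetical stand-ins written for this illustration, and the token value is a constructed placeholder.

```javascript
// Stand-in for the header layer: per the report, axios-module's setToken
// prepends the token type. This models that behaviour; it is not the module's code.
function setAxiosToken(headers, token, type) {
  const value = token ? (type ? type + ' ' : '') + token : undefined;
  return { ...headers, Authorization: value };
}

// Strip any number of leading "<type> " prefixes (case-insensitive) so only
// the raw credential is persisted in the cookie / localStorage.
function stripTokenType(token, type) {
  if (typeof token !== 'string') return token;
  if (!type) return token.trim();
  const escaped = type.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  return token.trim().replace(new RegExp('^(?:' + escaped + '\\s+)+', 'i'), '');
}

// Server-side check matching the error quoted in the thread:
// "Format is Authorization: Bearer [token]"
function isValidBearerHeader(value) {
  return /^Bearer [^\s]+$/.test(value || '');
}

// Reported behaviour: the stored value already carries the prefix,
// and the header layer adds it a second time.
function buggyFlow(rawToken) {
  const stored = 'Bearer ' + rawToken;
  return setAxiosToken({}, stored, 'Bearer').Authorization;
}

// Expected behaviour: normalize before storing, add the prefix exactly once.
function fixedFlow(tokenFromLogin) {
  const stored = stripTokenType(tokenFromLogin, 'Bearer');
  return setAxiosToken({}, stored, 'Bearer').Authorization;
}

const sample = 'abc.def.ghi'; // constructed placeholder, not a real token
for (const header of [buggyFlow(sample), fixedFlow('Bearer ' + sample)]) {
  console.log(JSON.stringify(header), 'valid:', isValidBearerHeader(header));
}
```

Normalizing at the storage boundary keeps the header correct whether the login response returns the token with or without the type prefix.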
