Auth-module: it doesn't fetch user even if I'm logged in - auth-next

Created on 20 Nov 2020  ·  13 Comments  ·  Source: nuxt-community/auth-module

Version

v4.9.1

Reproduction link

https://www.none.com

Steps to reproduce

none

What is expected ?

it should fetch user

What is actually happening?

In my backend I did set my session's lifetime to 120 mins, but in nuxtjs it lasts only 10/20 mins. It doesn't seem to be a problem on backend side, cause I have a global middleware that updates user's last activity and it gets fired (I can see my last activity updating even though in nuxtjs I'm "offline").

Additional comments?

auth configuration

    strategies: {
        'laravelSanctum': {
            provider: 'laravel/sanctum',
            url: 'url',
            endpoints: {
                login: { url: '/signin', method: 'post' },
                user: { url: '/me', method: 'get', propertyName: 'data' },
                logout: { url: '/signout', method: 'post' }
            }
        }
    },
    cookie: {
        options: {
            expires: 365
        }
    }
This bug report is available on Nuxt community (#c707)

All 13 comments

When I try to log in, I get this error https://imgur.com/a/lh67pEc because I'm already logged in. Am I the only one who has this problem?

No you are not. Having same issue. Tried it on fresh project as well, to make sure that some other dependencies are not interfering.

Hi @s8v! This issue seems to be misconfiguration. Can you show me more of your config, like axios and proxy?
The url property should be the proxy path. Also, propertyName is deprecated. Use user.property instead. Example below :)

    strategies: {
      laravelSanctum: {
        provider: 'laravel/sanctum',
        url: 'url', // <- Your proxy path
        endpoints: {
          login: { url: '/signin', method: 'post' },
          user: { url: '/me', method: 'get' },
          logout: { url: '/signout', method: 'post' }
        },
        user: {
          property: 'data' // <- User property now goes here
        }
      }
    },
    cookie: {
      options: {
        expires: 365
      }
    }

Docs can be found here: https://auth.nuxtjs.org/providers/laravel-sanctum

Note: If you update to latest version of v5, then you need to change the provider to laravelSanctum

Same issue in version 5.0.0-1608568767.2fe2217

@JoaoPedroAS51 Commit #950 broke this logic.
https://github.com/nuxt-community/auth-module/issues/945#issuecomment-748822560

Version "@nuxtjs/auth-next": "5.0.0-1607693598.34d83ea" works well.

I have no laravel and proxy.

My config:

    auth: {
        scopeKey: 'scope',
        resetOnError: true,
        redirect: {login: '/login', logout: '/', callback: '/', home: '/'},
        strategies: {
            cookie: {
                scheme: 'refresh',
                user: {property: false},
                token: {required: false, type: false/*, maxAge: 60 * 60*/},
                refreshToken: {property: 'refresh_token'/*, maxAge: 20160 * 60*/},
                endpoints: {
                    login: {url: '/auth/login', method: 'post'},
                    user: {url: '/auth/user', method: 'post'},
                    refresh: {url: '/auth/refresh', method: 'post'},
                    logout: {url: '/auth/logout', method: 'post'}
                }
            }
        }
    },

Hi @steklopod! Can you send me a screenshot of the user request, showing the authorization header? (Using the working version) I want to understand what authorization was sent :)

Also, if you could tell me more about what your backend expects to receive and what is the response of login, would help me to understand better the problem.

@JoaoPedroAS51

  • with version 5.0.0-1607693598.34d83ea (which works fine):
    Screenshot 2020-12-23 at 16 07 17
    Screenshot 2020-12-23 at 16 08 20

  • with version 5.0.0-1608568767.2fe2217 (which is not working); in this version my Cookies = false (auth._token.cookie and others):

Screenshot 2020-12-23 at 16 13 08
Screenshot 2020-12-23 at 16 14 21


My backend expects:

  • Authorization header or cookie, _if not found then -->_
  • or auth._token.cookie cookie, _if not found then -->_
  • or access_token header or cookie

My js-code is:

    this.$auth.loginWith('cookie', {data: this.userPrincipal})

@steklopod And what is the response of login request?

@JoaoPedroAS51 the response of login request:

Body:

    {
      "access_token": "eyJhbGciOiJIUzUxMi-bla-bla-bla...",
      "response_type": "token",
      "redirect_uri": "/login",
      "client_id": 1,
      "scope": [
        "USER"
      ],
      "token_type": "Bearer",
      "authorization_endpoint": "https://domain.com/api/auth/login",
      "userinfo_endpoint": "https://domain.com/api/auth/user",
      "expires_in": 86400,
      "refresh_token_expires_in": 1209600,
      "token_key": "access_token",
      "refresh_token_key": "refresh_token",
      "state": "eOMtThyhVNLWUZNRcBaQKxI"
    }

Screenshot 2020-12-23 at 16 54 04

@steklopod Then, we need to update your token config:

    token: {
      property: 'access_token', // <- the token property
      required: true, // <- required must be true, otherwise it will not use token and will not add authorization header
      type: 'Bearer', // <- the token type
      /*maxAge: 60 * 60*/ // <- I also recommend setting the maxAge of your token, which should be the same value as `expires_in`, as this value will be used in case the expiration couldn't be decoded. If you let it "commented", the default value will be used (1800)
    },

And what does your backend expect to refresh the token? I see that there is no refresh_token included in response body.
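
A simplified model of the token behaviour described in the comment above (header only when `required` is true, `maxAge` as the fallback when the expiry cannot be decoded). This is an added example, not the auth module's source; the function names and the sample tokens are constructed for illustration.

```javascript
// Added illustration, not the auth module's code; all names are hypothetical.
const DEFAULT_MAX_AGE = 1800; // seconds, the default quoted in the thread

// Read a JWT payload without verifying the signature (expiry lookup only).
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
    return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  } catch (err) {
    return null; // opaque or malformed token
  }
}

// Authorization header value, or null when the token config disables it.
function authorizationHeader(tokenConfig, loginBody) {
  if (!tokenConfig.required) return null;
  const token = loginBody[tokenConfig.property];
  if (!token) return null;
  return tokenConfig.type ? `${tokenConfig.type} ${token}` : token;
}

// Expiry in ms since epoch: the `exp` claim if decodable, else now + maxAge.
function tokenExpiresAt(tokenConfig, token, nowMs) {
  const payload = decodeJwtPayload(token);
  if (payload && typeof payload.exp === 'number') return payload.exp * 1000;
  const maxAge = tokenConfig.maxAge ?? DEFAULT_MAX_AGE;
  return nowMs + maxAge * 1000;
}

// Constructed sample token builder (unsigned, for the demo only).
function makeJwt(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(payload)}.sig`;
}

const body = { access_token: makeJwt({ exp: 1700000000 }), token_type: 'Bearer' };
const broken = { required: false, type: false }; // token config from the earlier post
const fixed = { property: 'access_token', required: true, type: 'Bearer', maxAge: 86400 };
console.log(authorizationHeader(broken, body)); // no header is built
console.log(authorizationHeader(fixed, body).slice(0, 7));
console.log(tokenExpiresAt({}, 'opaque-token', 0)); // falls back to the default maxAge
```

With an opaque (non-JWT) token and no `maxAge`, the modelled session ends after 30 minutes regardless of the backend's `expires_in`.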

@JoaoPedroAS51 thanks a lot ! This config helped.

    auth: {
        strategies: {
            cookie: {
                token: {property: 'access_token', required: true, type: 'Bearer'}
            }
        }
    }

And what does your backend expect to refresh the token? I see that there is no refresh_token included in response body.

refresh_token is set into the "auth._refresh_token.cookie" cookie by the backend /login endpoint:

Screenshot 2020-12-23 at 17 45 48

  • and duplicated in the response body too:

    {
       refresh_token: "eyJhbGciOiJIUzUxMiJ9.eyJhdWQiOiIzMDExNmU4N..."
    }

My backend expects for refresh token:

  • token as body, if not found then -->
  • or auth._refresh_token.cookie cookie, if not found then -->
  • or refresh_token cookie or header

Is there a mistake in my nuxt.config.js, or with the cookie strategy do I not need it:

    refreshToken: {property: 'refresh_token'},

@steklopod I'm happy to know it helped! :)

If the refresh token is included in the response body, then it's all ok. Just would recommend setting the maxAge of refresh token as well.

Is it all working as expected now?
You can add me on discord, so we can talk easier Joao Pedro AS51#1284

Just a note: As your backend needs an authorization header, we are not using "cookie flow". The cookie scheme would disable the token/authorization header and would not have refresh feature.
So for your case, I believe the correct setup is the refresh scheme, which is the one you're currently using.

@steklopod Actually, you just need to add one more thing if you need authorization header for refresh request:

    refreshToken: {
      property: 'refresh_token',
      tokenRequired: true // <- Add the authorization header to refresh request
    }

Closing here, due to inactivity. Feel free to reopen if the issue persists.
