Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Refresh not triggered if the access token is not also known, which limits its purpose #902

Closed
wants to merge 3 commits into from

Conversation

cip8
Copy link
Contributor

@cip8 cip8 commented Sep 6, 2024

πŸ”— Linked issue

#890 [second part]

❓ Type of change

  • πŸ“– Documentation (updates to the documentation, readme or JSdoc annotations)
  • 🐞 Bug fix (a non-breaking change that fixes an issue)
  • πŸ‘Œ Enhancement (improving an existing functionality like performance)
  • ✨ New feature (a non-breaking change that adds functionality)
  • 🧹 Chore (updates to the build process or auxiliary tools and libraries)
  • ⚠️ Breaking change (fix or feature that would cause existing functionality to change)

πŸ“š Description

The refresh logic should be triggered if the refresh token is known.

Some backends might require both tokens for a refresh, but this is not default behavior.

Refresh tokens are long-lasting and usually expire after access tokens, so requiring both for a successful refresh should be optional.

πŸ“ Checklist

  • I have linked an issue or discussion.
  • I have added tests (if possible).
  • I have updated the documentation accordingly.

…lly send auth token too for the backends that might require it.
Copy link

pkg-pr-new bot commented Sep 6, 2024

Open in Stackblitz

pnpm add https://pkg.pr.new/@sidebase/nuxt-auth@902

commit: f8ca293

@cip8
Copy link
Contributor Author

cip8 commented Sep 6, 2024

Fix is incomplete - logout doesn't clear refresh cookie so the user re-authenticates on each visit.
Will update soon.

@cip8
Copy link
Contributor Author

cip8 commented Sep 6, 2024

Tested with my local setup, everything works fine now.

Comment on lines -44 to 46
provider.token.signInResponseTokenPointer
)}. Tried to find token at ${provider.token.signInResponseTokenPointer
} in ${JSON.stringify(response)}`
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please not apply stylistic changes? Thanks

@@ -57,8 +58,7 @@ export default defineNuxtPlugin({
console.error(
`Auth: string token expected, received instead: ${JSON.stringify(
extractedRefreshToken
)}. Tried to find token at ${
provider.refresh.token.signInResponseRefreshTokenPointer
)}. Tried to find token at ${provider.refresh.token.signInResponseRefreshTokenPointer
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same

Comment on lines +92 to +98
useCookie(config.token.cookieName, {
maxAge: 0,
domain: config.token.cookieDomain,
sameSite: config.token.sameSiteAttribute,
secure: config.token.secureCookieAttribute,
httpOnly: config.token.httpOnlyCookieAttribute
}).value = null
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've been trying to understand why is this required - could you please clarify that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

coding is hard! for skill issues, use chatgpt

@einz-loggik
Copy link

@cip8 Whats your status on this? Would love to see this merged because it should fix the problem with automatic logout if the access token reached EOL.

@cip8
Copy link
Contributor Author

cip8 commented Dec 6, 2024

Hey @einz-loggik πŸ‘‹

Yeah, I’d really like to see this merged as well - but I’ve decided to move on from contributing to this project.

I’ve created my own fork and use it for my projects instead.

The incredibly long wait times for reviews & some challenges with its maintainers just don't align with how I like to work.

Good luck πŸ’™πŸ––

@cip8 cip8 closed this Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants