DEV Community

loading...

Discussion on: Secure authentication in Nuxt SPA with Laravel as back-end

Collapse
abronson07013635 profile image
ABronson

Hi, this is a really great tutorial, any chance you would go into this part in a bit more detail, with refreshing the token in window.onNuxtReady()? I did a version which checks if x-access-token is set similar to the middleware, and then does router push to '/', but it's quite choppy and not sure how secure. Would be a nice addition to the post. Thanks!!!

Thread Thread
stefant123 profile image
StefanT123 Author

I'm not sure if that requires whole new post, but maybe I'll do part 2 in addition to this post. Basically what you need to do is this:

  1. when the user log in, persist the user in the cookies (maybe use vuex-persisted state library)
  2. get the user from the store if it exists, if not, check in the cookies
  3. in the window.onNuxtReady() check if user is set in the vuex AND there isn't x-access-token in the cookies
  4. dispatch the action for refreshing the token
Thread Thread
orenlande profile image
orenlande

I'd love to see how you apply it on code - having the same issues right now more or less. I want the user to stay logged on refresh.

Thread Thread
binumathew profile image
Binu Mathew

I am also got the similar error, get logout everytime i do a refresh, any option ?

Thread Thread
stefant123 profile image
StefanT123 Author

Once a user has logged in, you should put user_id in the cookies. Then make a plugin that will check if the user exists and x-access-token does not exist, if these conditions are true, then you should dispatch an action to refresh the token.

export default function ({store}) {
  window.onNuxtReady(() => {
    let token = clientCookies.get('x-access-token');
    let user = clientCookies.get('user_id');

    if (user && ! token) {
      store.dispatch('auth/refreshToken')
        .catch(errors => {
          store.dispatch('auth/signUserOut');
        });
    }
  });
}
Thread Thread
alexwu66922308 profile image
Alex Wu

This doesn't seem to work for me, does this work for anyone else? It STILL signs me out every time I refresh the page. very annoying