This is fantastic! Thanks so much for posting. Any thoughts on modifying this because of Laravel Airlock? I assume this approach works well for SSR Nuxt (Universal) too...
Thanks. Yes, it works well, you just need to check for the cookie in the nuxtServerInit function. As for airlock, I haven't tried it, but I assume that same flow would be applied.
Trying to work this out with SSR (Universal) flow (everything worked great for SPA). When I make the original login call I get back the x-access-token, but the refresh_token is only listed in the Response/Request headers. I can set the x-access-token into cookie storage, but I'm not sure where the refresh_token ends up (can't seem to access it)
Once the time on the x-access-token expires, a page refresh or change triggers the refreshToken call, but the refresh_token is not set as a cookie for that call back to the server, and then I get the 403.
I suppose I'm supposed to store the refresh_token as a cookie - but not sure how to even get it when it comes in. It seemed like SPA just kept it around...
You shouldn't store the refresh_token anywhere, it should be httponly cookie. As the name suggests, the refresh_token should be used for refreshing the access_token once it's expired.
OK - yeah, with SSR on the /api/refresh_token call, I'm getting a 500 - a Undefined property: stdClass::$refresh_token error in the ProxyRequest controller. It gets all the way to makePostRequest but then fails here: $this->setHttpOnlyCookie($resp->refresh_token);
With dev tools, I can see the refresh_token listed under Request Cookies, but it doesn't seem to be going up with the request (axios log doesn't list it)
Almost got this working - still Request is malformed - getting these two errors: Laravel\Passport\Exceptions\OAuthServerException
The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
ErrorException
Undefined property: stdClass::$refresh_token
and yes - following your code above explicitly:
$proxy = \Request::create('oauth/token', 'post', $params);
$resp = json_decode(app()->handle($proxy)->getContent());
I'm having exact same issues now. Driving me mad - cannot figure out how to resolve it - any help?
And yes, I followed the tutorial 100% same.
EDIT: FOUND THE ISSUE!
seems like the .env wasn't configured properly - make sure the following exists:
PASSWORD_CLIENT_ID=2
PASSWORD_CLIENT_SECRET={secret_created_by_passport_in_step_1}
This is fantastic! Thanks so much for posting. Any thoughts on modifying this because of Laravel Airlock? I assume this approach works well for SSR Nuxt (Universal) too...
Thanks. Yes, it works well, you just need to check for the cookie in the
nuxtServerInit
function. As for airlock, I haven't tried it, but I assume that same flow would be applied.Trying to work this out with SSR (Universal) flow (everything worked great for SPA). When I make the original
login
call I get back thex-access-token
, but therefresh_token
is only listed in the Response/Request headers. I can set thex-access-token
into cookie storage, but I'm not sure where therefresh_token
ends up (can't seem to access it)Once the time on the
x-access-token
expires, a page refresh or change triggers therefreshToken
call, but therefresh_token
is not set as a cookie for that call back to the server, and then I get the 403.I suppose I'm supposed to store the
refresh_token
as a cookie - but not sure how to even get it when it comes in. It seemed like SPA just kept it around...You shouldn't store the
refresh_token
anywhere, it should behttponly
cookie. As the name suggests, therefresh_token
should be used for refreshing theaccess_token
once it's expired.OK - yeah, with SSR on the
/api/refresh_token
call, I'm getting a 500 - aUndefined property: stdClass::$refresh_token
error in the ProxyRequest controller. It gets all the way tomakePostRequest
but then fails here:$this->setHttpOnlyCookie($resp->refresh_token);
With dev tools, I can see the refresh_token listed under Request Cookies, but it doesn't seem to be going up with the request (axios log doesn't list it)
Hmm, if the refresh_token is in the Request Cookies, it should work fine. Do you
json_decode
the response?Almost got this working - still Request is malformed - getting these two errors: Laravel\Passport\Exceptions\OAuthServerException
The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
ErrorException
Undefined property: stdClass::$refresh_token
and yes - following your code above explicitly:
$proxy = \Request::create('oauth/token', 'post', $params);
$resp = json_decode(app()->handle($proxy)->getContent());
I can't help you unless I see your code :(
However, you can check the github links:
and make sure that your code matches.
Got it....Clear those old cookies people, lest you spend hours chasing your tail. (Refresh tokens are set for longer periods...)
I'm having exact same issues now. Driving me mad - cannot figure out how to resolve it - any help?
And yes, I followed the tutorial 100% same.
EDIT: FOUND THE ISSUE!
seems like the .env wasn't configured properly - make sure the following exists:
PASSWORD_CLIENT_ID=2
PASSWORD_CLIENT_SECRET={secret_created_by_passport_in_step_1}
Yes, I mention that in the post, I guess you missed that part :D