Discussion on: Secure authentication in Nuxt SPA with Laravel as back-end

Aleksey Sesyolkin • Edited

Hi! Thanks for the article! One thing to note though -- will the refreshing part work in universal mode (SSR) after a page reload?

Let's imagine that you're authenticated and reading some page with auth middleware for 5 minutes (for the access token to expire). Then you click the refresh button in the browser and several things will happen:

  1. Your refreshToken.js middleware will not work (because it will be fired from the node.js server, which has no refresh_token cookie; this cookie is only available in the browser) -- so you'll get "unauthenticated"
  2. If you use asyncData or fetch to retrieve some data against auth middleware in Laravel, you actually will not be able to do so either (also because there isn't a refresh_token cookie in node.js)

Actually, if the user visits an auth page after access_token expiration, then he will be logged out too. (For example, if the user tries to visit an auth page on the next day or even after one hour.)

Any way to get around these things?

StefanT123

Yes, I haven't covered that in this post, but I have posted a solution for this in the comments, here's a link. I think I should write a short post on this subject.

Aleksey Sesyolkin • Edited

Thanks for the response!

Yes, I saw this comment, but I don't understand how it will solve the problems (okay, it may solve the first problem I described, but not the second -- which is most important).

I think if you store refresh_token in a cookie, there is no way to use asyncData or fetch on API routes protected by auth middleware, because we have to do requests from the node.js server for asyncData and fetch to work, and we will be unauthenticated because of the expired access_token and having no way to refresh it from node.

StefanT123

I never tested it like that, but I use SSR only for SEO optimization, so if some content needs authentication, then in my case it doesn't need to be server-side rendered. But I have an idea how to get it to work, I'll try it as soon as I can.

Aleksey Sesyolkin

Hmm, you're right actually... It doesn't make much sense to use asyncData() on auth pages.

But it would be nice to hear your idea about this case anyway )

Harsha Sampath • Edited

Hi, I'm stuck in exactly this scenario. In this post the Laravel httpOnly cookie is useless, because the author is saving a cookie in the frontend instead of using that httpOnly cookie. Of course, the author can't! Because when calling a client-side HTTP request, the httpOnly cookie which the server sent is not persistently saved in the browser. Nuxt also cannot create an httpOnly cookie even if it is running on NodeJs! I have searched about this issue and the Nuxt authors are not capable of doing that. github.com/nuxt-community/auth-mod...