DEV Community

Discussion on: Secure authentication in Nuxt SPA with Laravel as back-end

StefanT123

Thanks. Yes, it works well, you just need to check for the cookie in the nuxtServerInit function. As for airlock, I haven't tried it, but I assume that same flow would be applied.

James R. Hull 🎬 • Edited

Trying to work this out with SSR (Universal) flow (everything worked great for SPA). When I make the original login call I get back the x-access-token, but the refresh_token is only listed in the Response/Request headers. I can set the x-access-token into cookie storage, but I'm not sure where the refresh_token ends up (can't seem to access it)

Once the time on the x-access-token expires, a page refresh or change triggers the refreshToken call, but the refresh_token is not set as a cookie for that call back to the server, and then I get the 403.

I suppose I'm supposed to store the refresh_token as a cookie - but not sure how to even get it when it comes in. It seemed like SPA just kept it around...

StefanT123

You shouldn't store the refresh_token anywhere, it should be an httponly cookie. As the name suggests, the refresh_token should be used for refreshing the access_token once it's expired.

James R. Hull 🎬

OK - yeah, with SSR on the /api/refresh_token call, I'm getting a 500 - an Undefined property: stdClass::$refresh_token error in the ProxyRequest controller. It gets all the way to makePostRequest but then fails here: $this->setHttpOnlyCookie($resp->refresh_token);

With dev tools, I can see the refresh_token listed under Request Cookies, but it doesn't seem to be going up with the request (axios log doesn't list it)

StefanT123

Hmm, if the refresh_token is in the Request Cookies, it should work fine. Do you json_decode the response?

James R. Hull 🎬 • Edited

Almost got this working - still Request is malformed - getting these two errors: Laravel\Passport\Exceptions\OAuthServerException
The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
ErrorException
Undefined property: stdClass::$refresh_token

and yes - following your code above explicitly:
$proxy = \Request::create('oauth/token', 'post', $params);
$resp = json_decode(app()->handle($proxy)->getContent());

StefanT123 • Edited

I can't help you unless I see your code :(
However, you can check the GitHub links:

and make sure that your code matches.

James R. Hull 🎬

Got it....Clear those old cookies people, lest you spend hours chasing your tail. (Refresh tokens are set for longer periods...)

orenlande • Edited

I'm having the exact same issues now. Driving me mad - cannot figure out how to resolve it - any help?
And yes, I followed the tutorial 100% the same.

EDIT: FOUND THE ISSUE!
Seems like the .env wasn't configured properly - make sure the following exists:
PASSWORD_CLIENT_ID=2
PASSWORD_CLIENT_SECRET={secret_created_by_passport_in_step_1}

StefanT123

Yes, I mention that in the post, I guess you missed that part :D
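
An added example, not code from the tutorial or from any commenter: the 500 with `Undefined property: stdClass::$refresh_token` reported in this thread appears when the decoded `oauth/token` response is an error body and the token property is read anyway. The helper name `parseTokenResponse`, the status codes it returns and the sample bodies are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the tutorial): validate the decoded
// oauth/token response before any token property is read.
function parseTokenResponse(string $body): array
{
    $resp = json_decode($body);

    // Non-JSON body, e.g. an HTML error page from the token endpoint.
    if (!is_object($resp)) {
        return ['ok' => false, 'status' => 502, 'reason' => 'token endpoint returned non-JSON'];
    }

    // An OAuth error body carries "error" and no tokens. Reading
    // $resp->refresh_token on it is what produces the Undefined property error.
    if (isset($resp->error) || !isset($resp->access_token, $resp->refresh_token)) {
        return ['ok' => false, 'status' => 401, 'reason' => $resp->error ?? 'missing token fields'];
    }

    return [
        'ok'            => true,
        'access_token'  => $resp->access_token,
        'refresh_token' => $resp->refresh_token,
        'expires_in'    => (int) ($resp->expires_in ?? 0),
    ];
}

// Constructed sample bodies: an OAuth error, a success, and a non-JSON page.
$samples = [
    '{"error":"invalid_request","message":"The request is missing a required parameter"}',
    '{"token_type":"Bearer","expires_in":300,"access_token":"aaa.bbb.ccc","refresh_token":"constructed-refresh-token"}',
    '<html>500</html>',
];

foreach ($samples as $body) {
    $r = parseTokenResponse($body);
    if ($r['ok']) {
        // Only on this branch would the refresh token be written to the
        // HttpOnly cookie and the access token returned to the client.
        echo "ok: tokens present, expires_in={$r['expires_in']}\n";
    } else {
        // Return a clean auth failure instead of letting a 500 escape.
        echo "rejected ({$r['status']}): {$r['reason']}\n";
    }
}
```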