DEV Community

Discussion on: Secure authentication in Nuxt SPA with Laravel as back-end

Collapse
 
thond1st profile image
thond1st

This is a very usefull tutorial. I have implemented this in our prototype project but one of my colleague is complaining when the page is refreshed the user is being signed out so he implemented saving the token in the local storage. Am I right that the implementation is SPA so page reload is not needed but how did you circumvent when users try to refresh the page?
Thanks for this tutorial!

Collapse
 
stefant123 profile image
StefanT123

Never save the token in the local storage, if you do, you are exposing your app to potential attacks. If you are using Nuxt.js, you should simply make plugin and put this

export default function ({store}) {
  window.onNuxtReady(() => {
    // refresh the token
  });
}

As stated in the Nuxt.js docs for the plugin:

Nuxt.js allows you to define JavaScript plugins to be run before instantiating the root Vue.js Application.

If you are using some other JS library, check their doocumentation and see how can you run some function before instantiating the root app.

Collapse
 
abronson07013635 profile image
ABronson

Hi, this is a really great tutorial, any chance you would go into this part in a bit more detail, with refreshing the token in window.onNuxtReady()? I did a version which checks if x-access-token is set similar to the middleware, and then does router push to '/', but it's quite choppy and not sure how secure. Would be a nice addition to the post. Thanks!!!

Thread Thread
 
stefant123 profile image
StefanT123

I'm not sure if that requires whole new post, but maybe I'll do part 2 in addition to this post. Basically what you need to do is this:

  1. when the user log in, persist the user in the cookies (maybe use vuex-persisted state library)
  2. get the user from the store if it exists, if not, check in the cookies
  3. in the window.onNuxtReady() check if user is set in the vuex AND there isn't x-access-token in the cookies
  4. dispatch the action for refreshing the token
Thread Thread
 
orenlande profile image
orenlande

I'd love to see how you apply it on code - having the same issues right now more or less. I want the user to stay logged on refresh.

Thread Thread
 
binumathew profile image
Binu Mathew

I am also got the similar error, get logout everytime i do a refresh, any option ?

Thread Thread
 
stefant123 profile image
StefanT123

Once a user has logged in, you should put user_id in the cookies. Then make a plugin that will check if the user exists and x-access-token does not exist, if these conditions are true, then you should dispatch an action to refresh the token.

export default function ({store}) {
  window.onNuxtReady(() => {
    let token = clientCookies.get('x-access-token');
    let user = clientCookies.get('user_id');

    if (user && ! token) {
      store.dispatch('auth/refreshToken')
        .catch(errors => {
          store.dispatch('auth/signUserOut');
        });
    }
  });
}
Thread Thread
 
alexwu66922308 profile image
Alex Wu

This doesn't seem to work for me, does this work for anyone else? It STILL signs me out every time I refresh the page. very annoying