Feature: local strategy refresh #208
@KonoMaxi very nice! If this can be merged, it would be great. Auto-refresh token is a missing feature :(
Waiting desperately for this feature.
Just closed #188, because the refresh strategy was not working for multiple ajax requests. The
Since there is no official solution, and as I am using Keycloak Oauth2, I have just written a temp PLUGIN for @nuxtjs/auth. https://gist.github.com/robsontenorio/d1e56c5bc5bc391ba0791be77419a68c NOTE: the plugin registration must be as described in here (not as a default plugin)
@robsontenorio would you please share your whole solution for using keycloak oauth2? I'm kinda stuck with trying to implement this .. thanx!
Just look at my previous comment above. There is a link. It is just a temp solution. It is a plugin, not a built-in for auth-module.
_tokenRefresh (self) { | ||
return this.$auth.ctx.app.$axios.post( | ||
this.options.endpoints.login.url, |
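Review bot: `_tokenRefresh (self)` takes a `self` parameter, yet the call on the next line reaches the HTTP client through `this.$auth.ctx.app.$axios`; use one receiver consistently, or drop the parameter if `this` is always bound. The POST target is also fixed to `this.options.endpoints.login.url`, so a backend whose refresh route differs from its login route cannot use this; reading a dedicated `options.endpoints.refresh` entry and falling back to the login URL when it is absent would cover both cases.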
Could we specify the endpoint as something different via configuration of the options.endpoints?
Hello @robsontenorio. I hope you show some compassion towards us and maybe upload a small sample?
@pi0 welcome back! Maybe we get some "auto refresh token mechanism" for upcoming version? Too much requested on local/oauth2 schemes! Not sure if this PR has right strategy. But we need something like this.
Should you consider the case of refreshing jwt without using refreshToken? Use the accessToken directly to get the new accessToken.
Would this allow me to set the I would love to see something like this, which would make it possible to allow the refresh endpoint to be customizable, but have a sane default
// auth.strategies config
{
  local: {
    endpoints: {
      login: {
        url: '/auth/token',
        method: 'post',
        propertyName: 'data.access_token',
        refreshPropertyName: 'data.refresh_token' // new?
      },
      refresh: { // new?
        url: '/auth/token',
        method: 'post',
        propertyName: 'data.refresh_token'
      }
    },
    refreshToken: true // new?
  }
}
Hi @ryanwinchester, I just sent a PR based on @KonoMaxi system, that will allow endpoint configuration. If you want, you can use my fork https://github.com/JoaoPedroAS51/auth-module :D UsageSet Example:
Thanks for the fundamental work! We are continuing in #361
Hello maintainers,
at first: thank you for this well documented authentication module! The general quality of documentation and the number of examples in the Nuxt world really makes me a happy dev.
Now to my PR: I saw #188 by robsontenorio and he mentioned that refreshing for the local strategy would be similar efforts.
As I currently use the local-scheme to authenticate against my rails-doorkeeper oauth2-api with 'password'-flow I started developing on this feature.
I noticed that @robsontenorio's onRequest-way has a serious drawback: My App fires like 2-3 parallel requests when I switch a page. His onRequest-axios-handler will initiate the refresh on the first request, but all requests afterwards (until the refresh is finished) will 401 as they saw the "isRefreshing"-flag and just continue execution.
So I decided to go with a simple setInterval for starters which will refresh the session as long as the user has his browser window open. To mitigate 401s (and just be on the safe side) I calculate the interval to be 75% of the token's lifetime.
I extended the configuration of the local-scheme by a new option: refresh_token. It defaults to "false" which means no refreshing is gonna happen. In case it's set (e.g. 'refresh_token_name') the refreshing-mechanism will jump into action and look for a refresh_token with the specified name next to the access_token on login.
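
The parallel-request problem and the 75% interval described above, as an added example that is not code from this PR or from the auth module: concurrent requests share one in-flight refresh promise instead of checking a boolean flag, so none of them is left holding the expired token. `TokenSession`, `refreshFn`, `send` and the token values are hypothetical names and constructed sample data.

```javascript
// Added example; TokenSession, refreshFn and send are hypothetical names.
const REFRESH_FRACTION = 0.75; // refresh at 75% of the token lifetime

// Delay for the proactive timer, from an OAuth2-style expires_in (seconds).
function refreshDelayMs(expiresInSeconds) {
  return Math.floor(expiresInSeconds * 1000 * REFRESH_FRACTION);
}

class TokenSession {
  // refreshFn(refreshToken) resolves to { access_token, refresh_token, expires_in }
  constructor(tokens, refreshFn) {
    this.tokens = tokens;
    this.refreshFn = refreshFn;
    this.inFlight = null; // shared refresh promise, replaces a boolean flag
  }

  // Single-flight: callers arriving during a refresh get the same promise.
  refresh() {
    if (!this.inFlight) {
      this.inFlight = this.refreshFn(this.tokens.refresh_token)
        .then((fresh) => { this.tokens = fresh; return fresh.access_token; })
        .finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }

  // send(accessToken) resolves to { status }. Retries once after a 401.
  async request(send) {
    const used = this.inFlight ? await this.inFlight : this.tokens.access_token;
    let res = await send(used);
    if (res.status === 401) {
      // Another request may have refreshed already; then just reuse its token.
      const current = this.tokens.access_token;
      res = await send(used === current ? await this.refresh() : current);
    }
    return res;
  }
}

// Constructed demo: a fake API accepts only "t2"; the session holds expired "t1".
async function demo() {
  let refreshCalls = 0;
  const fresh = { access_token: 't2', refresh_token: 'r2', expires_in: 3600 };
  const refreshFn = async () => { refreshCalls += 1; return fresh; };
  const session = new TokenSession({ access_token: 't1', refresh_token: 'r1' }, refreshFn);
  const send = async (token) => ({ status: token === 't2' ? 200 : 401 });
  const results = await Promise.all([1, 2, 3].map(() => session.request(send)));
  return { statuses: results.map((r) => r.status), refreshCalls };
}
```

If `refreshFn` rejects, every waiting request sees the same rejection and `inFlight` is cleared, so the next request can trigger a fresh attempt.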