v3.1.7

Changes & Additions

TypeScript

• Internal typescript fixes for strategies (v3.1.7)
• Basic descriptions for module options (since v3.1.5)

Auth Core

• Apply Fix for: #106 (v3.1.7) - This allows you to manually disable/enable ssr overriding.
• Allow headers to be set via endpoints for local scheme and its inheritances (since v3.1.6)
• Revert: Pinia needs to be defined in storage in order for the @pinia/nuxt plugin to function properly. Maybe the best option here would be to have the user define their own pinia store then use that internally rather than the module making the store. (since v3.1.5)

nuxt-alt/http

• onUploadProgress/onDownloadProgress added
• fix: $http in nitro getting overridden by nuxt plugin in server instance

v3.1.4

Changes & Additions

After this release I will probably start working on updating the playground to showcase some of the schemes. Also make sure to check out the documentation now that I've got one up and running.

OpenIDConnect

• Account for httpOnly config in ssr scenarios

Refresh

• Apply PR #99

Typescript

• Minor typing updates

---

nuxt-alt/http

• Update module to allow debugging via nitro

v3.1.3: Hotfix

Changes & Additions

Auth Core

• fix: Refresh scheme endpoint body property not existing.

v3.1.2

Changes & Additions

Auth Core

• Enforce the use of a URL with providers that use the local scheme. This is due to the fact that although the node-server preset works without it, other presets don't.
• Moved JS serialization to external package

v3.1.1

Changes & Additions

Auth Core

• Simplify auth request method
• Fix: edge case function use serialization.

Request Handler

• utilize interceptor onX methods (pr: #92)

nuxt-alt/http

• changed underlying @refactorjs/ofetch package to return number when using onX methods.

v3.1.0

Changes & Additions

OAuth2, Local Scheme & Inheritances

• The token and refreshToken property for the scheme includes an httpOnly property that will enable the httpOnly flag on the token and fresh token cookies. This option is disabled by default. (In a later version it will be enabled by default)

• All schemes (custom & built-in) will use a serverHandler if ssr is available to manage the creation of httpOnly cookies and authorization.

• A reset serverHandler has been added to handle the deletion of the httpOnly cookies when logging out/using the reset function

nuxt-alt/http

• A event.$http nitro plugin has been added which works similar to what event.$fetch does, the difference being that it inherits the options of the http module.
• Fixed issue where using $http in nitro would lead to a fetch error.

v3.0.5

Changes & Additions

OAuth2

Introduced new feature - the httpOnly property is available inside of refreshToken for the OaAuth2 scheme. When this is enabled the refresh token if available, will be made into an httpOnly cookie. By default this is disabled as it is experimental.

This option is not available for the access_token for the time being, due to the complexity of the module.

Module Options

tokenValidationInterval - boolean | number - When set to true, the default interval is 1000ms otherwise you can set the interval manually in ms. This will periodically validate the access_token to check if it's expired, this is similar to the resestOnError/resetOnResponseError options, but this is done in an interval.

v3.0.4

Changes & Additions

Storage

Fixed: Issue where using clearNuxtState would make the state undefined so there would be nothing for the watcher to watch. (Issue: #87)

Pinia has been moved to a dynamic module import. (Discussion: #86)

OAuth2

code_challenge_method can be set to false to delete the param as there were some conflicting issues with it being present when it isn't needed for whatever auth implementation that didn't utilize it.

v3.0.3

Changes & Additions

Request Handler

There are cases where you will need to handle auth errors pertaining to the request rather than the auth module itself. For instance, when utilizing the local scheme and you have a non-expiring token, and you revoke the token (in your server) (for whatever reason), the token will still be there in the store manager.

With that said a new option resetOnResponseError has been introduced. This can be a Boolean or a Function. Similar to resetOnError, but this one is for the request handler. As a function it uses 3 arguments: error, auth, and scheme
it would look something like this in your Nuxt config:

auth: {
    //... module options
    resetOnResponseError: (error, auth, scheme) => {
       if (error.response.status === 401) {
           scheme.reset?.()
           auth.redirect('login')
       }
   },
}

The option is disabled by default.

Module Options

Functions within the module options were getting removed due to Nuxt turning them into strings thereby remove functions in the process. This will fix that issue.

Module Options: Redirects

The redirect options can now be defined as functions that returns strings, the function has access to the auth instance and the localePath instance (but this one isnt typed properly so you can use the auth instance to get to Nuxt's context for typing):

auth: {
    //... module options
    redirect: {
        login: (auth, trans) => trans('/login'),
        logout: (auth, trans) => auth.ctx.$localePath('/login'),
        callback: () => '/login',
        home: '/'
    },
}

By default all redirect options goes through localePath if it's available, if you would like to prevent this, turn the property into a function and just return the string.

v3.0.2

Changes & Additions

LoggedIn Watch

Switched to using context instead of useRoute