feat(local): add refresh token #325

Closed
wants to merge 89 commits into from


JoaoPedroAS51
Collaborator

@JoaoPedroAS51 JoaoPedroAS51 commented Mar 30, 2019

Hi!

First of all, I would like to thank you for this awesome package! It really helps a lot!
I would also like to thank @KonoMaxi for his refresh token system #208; I used it as a base to make this one.

So, this PR will add a refresh token system to the local strategy.

Features:

  • Works in SSR mode;
  • Uses an axios interceptor to refresh the token and retry failed requests (401);
  • Uses an axios interceptor to retry requests that conflicted with refresh token requests (401);
  • Wait 1s to refresh on mount to avoid request conflicts;
  • Default expiration time (configurable) to avoid infinite refresh;
  • Strategy configuration;
  • Configurable payload;
  • Prevent token refresh on mount if user is not logged in;
  • Logout locally on mount if token has already expired;
  • Uses getProp and $auth.requestWith to maintain the same code style as other functions;

Usage

Set _scheme: 'refresh' and configure the refresh endpoint in the local strategy.

Example:

auth: {
    strategies: {
        local: {
            _scheme: 'refresh',
            defaultExpirationTime: 1800,
            disableAutoRefresh: false,
            grantType: 'refresh_token',
            clientIdProperty: 'client_id', // Set it to false to not add it to payload
            grantTypeProperty: 'grant_type', // Set it to false to not add it to payload
            createdAtProperty: 'created_at',
            expiresInProperty: 'expires_in',
            endpoints: {
                login: {url: '/api/auth/login', method: 'post', propertyName: 'access_token'},
                refresh: { url: '/api/auth/refresh',  method: 'post', propertyName: 'refresh_token'},
                user: {url: '/api/auth/user', method: 'get', propertyName: 'user'},
                logout: { url: '/api/auth/logout', method: 'post'}
            }
        }
    }
},

Note: You don't need to specify each property as listed in the example, as they have default values. The list of default values is below. Also, don't worry about the dots! If you set the property like data.refresh_token, it will automatically use the name after the dot in the payload!

Default values

defaultExpirationTime: 1800,
disableAutoRefresh: false,
grantType: 'refresh_token',
clientIdProperty: 'client_id',
grantTypeProperty: 'grant_type',
createdAtProperty: 'created_at',
expiresInProperty: 'expires_in',
endpoints: {
    refresh: {propertyName: 'refresh_token'}
}

Bug or Suggestion

If you've found any bug or want a new functionality related to this, just make a comment and tag me!

@ryanwinchester

ryanwinchester commented Mar 30, 2019

Thanks,

Will this work if I get 2 tokens from successful login endpoint response that I need to store? access_token and refresh_token?

Also, are propertyName for refresh token and access tokens customizable?
Like in the current login endpoint configuration, I can set propertyName: 'data.access_token'

I can often have authentication responses like:

{
  "data": {
    "access_token": "...",
    "expires_in": 3600,
    "refresh_token": "...",
    "token_type": "Bearer"
  }
}

@JoaoPedroAS51
Collaborator Author

JoaoPedroAS51 commented Mar 30, 2019

@ryanwinchester Yes, the properties are customizable. I've used the name token instead of propertyName because you can also set the expiresIn property. Ah, and if you find any bug, let me know!

refresh: {
    token: 'data.refresh_token',
    expiresIn: 'data.expires_in'
}
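The dotted property names from the exchange above, as an added example that is not the PR's code: it reads both tokens and the expiry out of a nested login response and builds the refresh payload using the name after the last dot. `getPath`, `readTokens`, `refreshPayload` and the layout of `OPTS` are hypothetical; the option values are the defaults listed in the PR description, and the response is constructed.

```javascript
// Added example, not the module's API. OPTS layout and function names are hypothetical.
const OPTS = {
  token: 'data.access_token',
  refreshToken: 'data.refresh_token',
  expiresIn: 'data.expires_in',
  createdAt: 'data.created_at',
  grantType: 'refresh_token',
  grantTypeProperty: 'grant_type', // false leaves it out of the payload
  defaultExpirationTime: 1800,
};

// Constructed response in the shape quoted in the question above.
const SAMPLE_RESPONSE = {
  data: {
    access_token: 'constructed-access',
    expires_in: 3600,
    refresh_token: 'constructed-refresh',
    token_type: 'Bearer',
  },
};

// Resolve 'a.b.c' against an object; undefined if any segment is missing.
function getPath(obj, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

function readTokens(response, opts, nowSec) {
  const expiresIn = Number(getPath(response, opts.expiresIn));
  const createdAt = Number(getPath(response, opts.createdAt));
  return {
    accessToken: getPath(response, opts.token),
    refreshToken: getPath(response, opts.refreshToken),
    // No created_at in the response: count the lifetime from receipt.
    createdAt: Number.isFinite(createdAt) ? createdAt : nowSec,
    // Missing or invalid expires_in: bounded default, never "no expiry".
    expiresIn: expiresIn > 0 ? expiresIn : opts.defaultExpirationTime,
  };
}

function refreshPayload(tokens, opts) {
  const key = opts.refreshToken.split('.').pop(); // 'data.refresh_token' -> 'refresh_token'
  const payload = { [key]: tokens.refreshToken };
  if (opts.grantTypeProperty !== false) payload[opts.grantTypeProperty] = opts.grantType;
  return payload;
}
```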

@JoaoPedroAS51
Collaborator Author

JoaoPedroAS51 commented Apr 3, 2019

Hi @ryanwinchester, I think I forgot to mention for you to use the develop branch of my fork. Sorry!

@JoaoPedroAS51
Collaborator Author

JoaoPedroAS51 commented Apr 3, 2019

Hi @ryanwinchester, I think I forgot to mention for you to use the develop branch of my fork. Sorry!

Never mind. You can use the dev branch, I merged.

This was referenced May 23, 2019
@JoaoPedroAS51
Collaborator Author

Hey guys! We have been refactoring the refresh system, and now it has its own scheme. We also moved the endpoint options to the scheme. Please check the updated docs at the top of the page!

@pi0 pi0 mentioned this pull request May 25, 2019
4 tasks
@JoaoPedroAS51
Collaborator Author

JoaoPedroAS51 commented Jul 11, 2019

Hey guys! We are now working on another branch and PR. Check it out here #361

We have been improving and refactoring the refresh scheme, so check the new docs at the new PR before updating!

The major improvement is the interceptor. Now we intercept the requests instead of the errors. That way we check if the token has expired before sending the request and if so, it refreshes the token. So no more 401 errors!

I'm also keeping the branch up to date with the latest releases!

If you guys have any doubt or wanna report an error, just contact me!

Note: This branch will not be updated anymore. Please, use the new one!
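The request-side check described in the comment above, as an added example that is not the PR's code: before each request the interceptor compares the stored creation time plus lifetime against the clock, and concurrent requests share one refresh call so the refresh token is sent once. `store`, `refreshFn` and `createRefreshInterceptor` are hypothetical names; with axios the returned function would be registered through `axios.interceptors.request.use`.

```javascript
// Added example, not the PR's implementation. `store` (token storage) and
// `refreshFn` (call to the refresh endpoint) are hypothetical stand-ins.
const DEFAULT_EXPIRATION_TIME = 1800; // seconds, the default value listed in the PR

function isExpired(store, nowSec) {
  const lifetime = Number(store.expiresIn) > 0 ? Number(store.expiresIn) : DEFAULT_EXPIRATION_TIME;
  return nowSec >= store.createdAt + lifetime;
}

function createRefreshInterceptor(store, refreshFn, now = () => Math.floor(Date.now() / 1000)) {
  let inFlight = null; // one shared promise, so concurrent requests cause one refresh

  return async function onRequest(config) {
    if (!store.accessToken) return config; // not logged in: nothing to refresh
    if (isExpired(store, now())) {
      if (!inFlight) {
        inFlight = refreshFn(store.refreshToken)
          .then((res) => {
            store.accessToken = res.access_token;
            // Keep the old refresh token only if the server did not rotate it.
            store.refreshToken = res.refresh_token || store.refreshToken;
            store.expiresIn = res.expires_in;
            store.createdAt = now();
          })
          .catch((err) => {
            // Refresh rejected: clear local credentials rather than retrying forever.
            store.accessToken = null;
            store.refreshToken = null;
            throw err;
          })
          .finally(() => { inFlight = null; });
      }
      await inFlight; // every waiting request resumes with the new token, or fails together
    }
    return { ...config, headers: { ...config.headers, Authorization: `Bearer ${store.accessToken}` } };
  };
}
```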

@TheAlexLichter
Member

Closing here as work continues on #361 ☺️ Thanks so far!
