Can't log in again after some idle time. It not giving any error and APIs is OK

[samirmhsnv]

when log in was successful after making the site idle for 15-20 minutes it logs out me. When I try to log in again, it doesn't matter Login and User API are returning access_token and user data. Both requests are 200. But auth module not changing anything. When I clear the Local storage. Everything is working perfectly.

Version

module: 5.0.0-1616003482.75c20e6
nuxt: ^2.15.3

Nuxt configuration

mode:

• universal
• spa

Nuxt configuration

auth: {
    strategies: {
      laravelJWT: {
        provider: 'laravel/jwt',
        url: process.env.BASE_URL,
        endpoints: {
          login: {
            url: '/api/user',
            method: 'post',
          },
          logout: {
            url: '/api/user',
            method: 'delete',
          },
          refresh: {
            url: '/api/user',
            method: 'patch',
          },
          user: {
            url: '/api/user',
            method: 'get',
          },
        },
        token: {
          property: 'body.access_token',
          maxAge: 60 * 60 * 4, // 4 hours
        },
        user: {
          property: 'body',
        },
        refreshToken: {
          maxAge: 20160 * 60, // 2 weeks
        },
      },
    },
  },

Axios configuration

axios: {
    proxy: true,
    baseURL: process.env.BASE_URL + '/api',
    browserBaseURL: process.env.BASE_URL + '/api',
    prefix: 'api',
    retry: true,
    https: process.env.NODE_ENV === 'production',
    debug: process.env.NODE_ENV !== 'production',
  },

proxy: {
    '/api': {
      target: process.env.API_PROXY,
      pathRewrite: { '^/api': '/v1/u-side' },
      changeOrigin: true,
    },
  },

Reproduction

⚠️ without a minimal reproduction we won't be able to look into your issue

What is expected?

make isLoggedIn true when successfully get token from login.

What is actually happening?

1. I make successfully login
2. Making some route changes
3. Waiting 10-15 minutes
4. It logged out me.
5. When I try to login again Login API is 200 with the token, and User API is 200 with the body. But not logging in. Just click Log in button and Step 5 is repeating again and again.

Steps to reproduce

Additional information

Checklist

• I have tested with the latest Nuxt version and the issue still occurs
• I have tested with the latest module version and the issue still occurs
• I have searched the issue tracker and this issue hasn't been reported yet (I am not sure this issue is related to my bug but I found this: Why @nuxt/auth-next doesn't fetch user automatically after successfully login? #1099.)

Steps to reproduce

Clearing the Local storage helps to log in again.

What is expected?

Not log out if the token is still alive and login successfully again.

[fahmiegerton]

Upvote, me too. Shouldn't be auto refresh (if enabled) or if it disabled, redirect to home path specified in redirect prop if that prop is enabled?. I suspect that the module clear the token after the time that token is expired (maybe from this auth._refresh_token_expiration.[strategy used]) ?. Because I have another project that the token expire in one day and no issue occurred.

Oh, and @samirmhsnv , is your nuxt app type is ssr or spa? mine with the same problem is spa. Idk if it's related or not.

[samirmhsnv]

@JoaoPedroAS51

I found something strange

SecurityError: Failed to read the 'localStorage' property from 'Window': Access is denied for this document.

This error was thrown when my login loop happened.

But it not shown in the browser.

I can see this error on Sentry Reports.

You can check: https://sentry.io/share/issue/452fa213d59a4401a0ca361a9a081b46/

This is Chrome related problem OK but why that loop happens sometimes and sometimes not.

Ref: https://www.chromium.org/for-testers/bug-reporting-guidelines/uncaught-securityerror-failed-to-read-the-localstorage-property-from-window-access-is-denied-for-this-document

This bug is not my browser related I'm sure. Some of our QAs reported similar bugs too.

[JoaoPedroAS51]

Hi @samirmhsnv! I'm so sorry for taking so long to respond. Were you able to solve this issue?

[sts-ryan-holton]

I'm getting a similar issue @JoaoPedroAS51, I'm using the Laravel JWT scheme, and my API exposes a refresh endpoint that's publically available, my access token is set for a 1 hour expiry, and my refresh token is set for a 6 month expiry, but occassionally for some reason when I don't use the app often, I'll load it up and I'll be logged out, my api is up and there's no errors in Sentry (I've got Sentry installed), what's wrong here?

My config is:

  // Auth: https://auth.nuxtjs.org/ (v5)
  auth: {
    cookie: false,
    redirect: {
      login: '/account/login/',
      logout: '/account/login/',
      callback: '/account/login/',
      home: '/account/beams/'
    },
    strategies: {
      'laravelJWT': {
        provider: 'laravel/jwt',
        url: process.env.API_URL || 'https://api.projectbeacon.co.uk',
        endpoints: {
          login: { url: '/api/account/login', method: 'post', propertyName: 'access_token' },
          refresh: { url: '/api/account/refresh', method: 'post', },
          logout: { url: '/api/account/logout', method: 'post' },
          user: { url: '/api/account', method: 'get', propertyName: 'user' }
        },
        user: {
          property: 'user',
          autoFetch: true
        },
        token: {
          property: 'access_token',
          maxAge: 60 * 60 // 60 mins, see api env
        },
        refreshToken: {
          maxAge: 200 * 86400 // 200 days (6.5 months), see api env
        }
      }
    }
  },

[sts-ryan-holton]

I'm also noticing in my api logs that there's a 500 error on the refresh endpoint, no idea why:

"POST /api/account/refresh HTTP/1.1" 500

[samirmhsnv]

My solution was writing login engine separately