Token is stored with prefix in cookie and localstorage #113

Closed
javialon26 opened this Issue Apr 3, 2018 · 3 comments

javialon26 commented Apr 3, 2018

Version

v4.0.0

Reproduction link

https://nuxt-auth.herokuapp.com/

Steps to reproduce

  1. Login using "local" scheme.
  2. Check localstorage and cookies and you see the token with the prefix Bearer.
  3. Try to do a request with axios.
  4. The Authorization header will have 2 prefixes and the token, ex: Bearer Bearer ........
  5. The request will fail because the authorization header is invalid.

What is expected ?

The token must be saved without the prefix because the setToken helper of axios module already sets the prefix.

What is actually happening?

The token is saved with the prefix and all future requests made by axios have an invalid authorization header.

  • The fetchUser method of the module has the correct authorization header because it builds its own header; because of this the login process is okay. You can see this in the /lib/auth/auth.js file, line 251.

Additional comments?

You can see this issue in the demo site, check the localstorage "auth._token.local" key after login and "auth._token.local" cookie:
https://nuxt-auth.herokuapp.com/

This bug report is available on Nuxt.js community (#c81)

@cmty cmty bot added the cmty:bug-report label Apr 3, 2018

Member

breakingrobot commented Apr 3, 2018

@javialon26 Hi !

Thank you for your bug report, confirmed as a bug on the demo site using the following command while logged in:

$nuxt.$axios.get('api/auth/user');

This will automatically return the following:

UnauthorizedError: Format is Authorization: Bearer [token]

As the request headers are composed by an invalid Authorization header:

Authorization: Bearer Bearer token

This is most likely related to this, I think the token is passed with "Bearer " and then set again with axios-module with this.$auth.ctx.app.$axios.setToken(token, this.options.tokenType)

"Bearer" is set by this on lib/core/auth.js here:

setToken (strategy, token) {
  const _key = this.options.token.prefix + strategy

  return this.$storage.setUniversal(_key, token)
}
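One way to guard against the doubled prefix described in this issue, as an added example (not the module's code and not the change made in #115): normalise the token once before it is stored, add the scheme once when the header is built, and validate the result against the RFC 6750 `b64token` grammar. The names `stripScheme`, `headerFor` and `isValidBearerHeader` and the sample token are hypothetical.

```javascript
// Added example: hypothetical helpers, not code from the auth or axios modules.
const B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/; // RFC 6750 b64token grammar

// Remove any number of leading "<type> " prefixes so only the raw token is stored.
function stripScheme(value, type = 'Bearer') {
  let token = String(value).trim();
  const prefix = type.toLowerCase() + ' ';
  while (token.toLowerCase().startsWith(prefix)) {
    token = token.slice(prefix.length).trim();
  }
  // A value that is only the scheme name carries no token at all.
  return token.toLowerCase() === type.toLowerCase() ? '' : token;
}

// Simplified stand-in for a client helper that prepends the type itself.
function headerFor(token, type = 'Bearer') {
  return token ? `${type} ${token}` : null;
}

// Server-side style check: exactly one scheme followed by exactly one b64token.
function isValidBearerHeader(header) {
  if (typeof header !== 'string') return false;
  const parts = header.split(' ');
  return parts.length === 2 && parts[0] === 'Bearer' && B64TOKEN.test(parts[1]);
}

// Constructed sample value: a login response that already includes the prefix.
const fromLogin = 'Bearer abc.def.ghi';

// Before: the value is stored as-is, then prefixed again when the header is built.
const buggyHeader = headerFor(fromLogin);

// After: strip at the storage boundary, prefix once at the request boundary.
const fixedHeader = headerFor(stripScheme(fromLogin));

console.log(buggyHeader, isValidBearerHeader(buggyHeader));
console.log(fixedHeader, isValidBearerHeader(fixedHeader));
```
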

Member

breakingrobot commented Apr 3, 2018

Fixed on #115 - Will be available soon 👍

linda8167 commented Apr 9, 2018

Wait for updates.... How do I delete the prefix?
