-
-
Notifications
You must be signed in to change notification settings - Fork 384
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SPA refresh to login #24
Comments
What version are you using? On Sep 16, 2016 07:54, "Luuk Hoeben" notifications@github.com wrote:
|
oh sorry.. forgot to tell you that. I'm using |
Ok, when you refresh, do you see any requests being made, to fetch a user or anything like that? I'm suspecting there is an issue with the tokens from the server being invalid, which would then kick you back to the login |
Ehm yeah I see the refresh request but no additional user request.. I use the laravel tymonsdesigns/jwt-auth plugin.. Also when I login (without the refresh, so I can get to everything still) the I just return a json response with the user for the user route, as for the refresh route, It is in the headers but I also return it as json edit: When I refresh, I get a token back, when I look in my localstorage, the token also updated there. |
Hmm, so when do the login, you get a token right. So can you try taking that token (from the response) and do the call manually through a REST client directly to the api. Also note that I have a demo server up that uses Laravel and the same plugin here that might help if the issue is on the api end. |
I think theres something wrong on the api side.. Tho I was looking at the refresh function in your api.. It doesn't refresh the token, or does it?
|
I gave a different response back, that's fixed now.. I can fetch the user correctly now, only thing is the refresh still kicks me back to the login page.. just implemented it the same way as you did in the example. ( It refreshes it in the localstorage still, and I get a different one back then I sent but somehow still invalid or something) edit: this is what I currently have in the refresh route:
|
Ya, so the vue-auth module has some hooks to auto detect anytime a proper header a return parameter is set, so you can actually inject a token at any time during one of the auth calls and it would pick it up. However in your case it seems the tokens are getting invalidated. You should really be testing outside the plugin manually. For instance it just happens to be the On a side note, you may also want to check the JWT settings, I remember having some weird issues on that end as well. I think I had to set In
In
|
I'll try that and I'll try to test it outside of the plugin. Thanks for the help and patience so far 😄 I'll let you know what it was when I find it! |
I don't get it, I just installed your example server, changed all the endpoints to match and it still did exactly the same thing.. Do you have any idea what I can do to debug or fix this? .. sorry bit of a newbie on JWT auth as you can tell 😞 |
Well what does the response say when the refresh occurs? On Sep 16, 2016 13:26, "Luuk Hoeben" notifications@github.com wrote:
|
I've got this:
in my routes file just like in your example.. In the middleware everything is okay so it returns
When I then look in my localstorage there's this |
Ok, sonic you take that token and make a request it works? On Sep 16, 2016 14:30, "Luuk Hoeben" notifications@github.com wrote:
|
You mean if I manually paste it in httpie to the refresh route for example, if I get a success status and a new one back? That I do. I just get a new one and the success message described in the route. |
Ok, so can you try taking that same token and make a few different requests On Sep 17, 2016 05:11, "Luuk Hoeben" notifications@github.com wrote:
|
Yes I can, If I take the refreshed token and I make a get request to the /user page (so I should get the user information) I get a edit: also if I take the token I got at login, it also says |
Hmm, do you think you could zip up your code and send it to me... On Sep 17, 2016 07:48, "Luuk Hoeben" notifications@github.com wrote:
|
Sure, I've sent it to your email. |
On Sep 17, 2016 12:21, "Luuk Hoeben" notifications@github.com wrote:
|
Okay, I've sent it to rob@websanova.com :) |
I've cleaned up some now in my application, set the http root just like in your example but it still doesn't work (not that I expected that). I have a question tho, I saw these context properties in every view, and the fact that you named your routes, do you think that could have effect on this issue? |
Well it could, not sure how tour routes are setup. On Sep 19, 2016 10:02 PM, "Luuk Hoeben" notifications@github.com wrote:
|
What does the context property do in your example tho? just for the console log? |
It's just demo, to make sure funds are getting proper context from calling On Sep 20, 2016 01:09, "Luuk Hoeben" notifications@github.com wrote:
|
hmm, when I try your demo app and set it to my test api, it says: with my electron app it works to login but not to refresh, is it possible this only works the way I want over https? |
Yes, could be, usually https is required for this party api. But depends On Sep 20, 2016 2:18 AM, "Luuk Hoeben" notifications@github.com wrote:
|
So how can I set if up to work using http for now? Because I'm working locally to test the api aswell. |
I would think that has nothing to do with plugin. On Sep 20, 2016 13:31, "Luuk Hoeben" notifications@github.com wrote:
|
true, I'll try to push it up to my server for testing and hopefully it works with https. If it doesn't I'll let you know. edit: no.. even on https it doesn't work, kicks me right back to the login page with a new token. But when I try to make a request with another client the tokens still work so I think there is still something wrong.. It's weird because I think I have everything the same as you now in my client, except you have an App.vue and I have just put the content of that in my index.html, could that be it or do you think it's something else? |
Really not sure without seeing some code. |
Haven't you got the code I sent you? I've sent it to the e-mail address you gave me, maybe in your spamfolder? |
Nope, didn't get anything. |
I'll send it again :) |
Ok, got it now, will take a look. |
Thanks! Have you found anything wrong? |
lol, did you zip up the entire node_modules folder? There is like thousand files in there... Anyway, this thread is quite old and there have been updates made. I suggest you make sure all your vue packages are all fully updated first. If you still want to send a sample of your code just put something up on GH for me instead please. |
haha no I didn't include the node_modules.. but there are 2 projects in that folder (the API and the frontend electron app). I'll try to update when I get home and I'll update you on what it does then :). |
Any luck? btw the package is at |
Oh hey I'm sorry, I've kind of forgotten about this project for a bit because I got frustrated that I couldn't get it to work, but I'll pick it back up then :) I've updated the package to |
API: https://github.com/luukhoeben/rmi-app-api |
Hey, Have you had a chance to look at it yet? I'm curious to what I do wrong. Thanks! 😄 |
bump! Just wondered why vue-auth does not use fresh token, that received from /refresh endpoint in /user request. It uses old (blacklisted) token instead. Probably, bug here. |
More than likely your /user request went out before the /refresh request and/or response was received. I thought it was a bug too but then realized it really ought to be on the API to allow old tokens some grace period incase a refresh is pending when other requests come in. |
yeah, but, if my tab is a bit stale, and then i click cmd+R -- i got 401 on /user request, because of the stale token. Click cmd+R again -- and all is OK! I think the solution is to wait for /refresh response and use right token |
When vue-auth launches it fires a refresh request, immediately followed by your user request, so that's the issue. I do agree that it would probably make sense for the app to wait for its refresh request to complete before allowing other requests to fire but I'm not sure of the amount of work required for that. |
Just override routerBeforeEach callback.
Will @websanova approve pr if i'll create one? |
Are you using the $auth.ready() method? On Nov 23, 2016 00:51, "Vitaliy Krasnoperov" notifications@github.com
|
Also the thing with the refresh/user firing at same time is because stale You just happen to see it with the fetch user, but even running them in We could say the app will only refresh the token once at the beginning but I think one couple options here are to allow it to allow the user call to Another option would be to have a flag to run it in sync. But this also On Nov 23, 2016 16:13, "Rob" rob@websanova.com wrote: Are you using the $auth.ready() method? On Nov 23, 2016 00:51, "Vitaliy Krasnoperov" notifications@github.com
|
Any updates here? If not will close this off. |
Are you using the latest version?
…On Jan 15, 2017 6:19 AM, "Roman" ***@***.***> wrote:
@websanova <https://github.com/websanova> Same here for me. I use SPA and
when I reload the web page /refresh and /user requests are sent but /user
request fails(token_invalid) Because of /user request was sent with the
token blacklisted before. Why this isn't happens with demo app?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#24 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABkcy6nadlqM35Me60l3PgWDOFPpNwsrks5rSVf1gaJpZM4J-3J5>
.
|
@websanova Thank you for answer. Yes, I used the latest version. I solved my issue by using beta version of |
You can also read my notes in the docs about this.
https://github.com/websanova/vue-auth/blob/master/README.md#token-refresh
…On Jan 15, 2017 8:45 AM, "Roman" ***@***.***> wrote:
@websanova <https://github.com/websanova> Thank you for answer. Yes, I
used the latest version. I solved my issue by using beta version of
tymon/jwt-auth plugin which adds blacklist_grace period.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#24 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABkcy9MqKchmn1AWHFZZGlnxKWh0Pvsvks5rSXo8gaJpZM4J-3J5>
.
|
Hey,
Got a question, everytime I log in on my SPA (where I use your package) I go to the protected redirect route and then I can do everything I want/need, but then when I refresh it refreshes the token and sends me back to the login screen..
Can you help me with that? (if I need to give aditional information or something just tell me what you need)
Thanks in advance :)
The text was updated successfully, but these errors were encountered: