Source Code

local is the default, credentials/token based scheme for flows like JWT.

By default local scheme is enabled and preconfigured. You can set strategies.local to false to disable it.

Usage

To do a password based login by sending credentials in request body as a JSON object:

<template>
    <div>
        <form @submit.prevent="userLogin">
        <div>
            <label>Username</label>
            <input type="text" v-model="login.username" />
        </div>
        <div>
            <label>Password</label>
            <input type="password" v-model="login.password" />
        </div>
        <div>
            <button type="submit">Submit</button>
        </div>
        </form>
    </div>
</template>

<script lang="ts" setup>
const login = reactive({
    username: '',
    password: ''
})

const $auth = useAuth()

async userLogin() {
    try {
        const response = await $auth.loginWith('local', {
            body: login
        })

        console.log(response._data)
    } catch (err) {
        console.log(err)
    }
}
</script>

Backend

You'll need a backend server that implement the basics of authentication. As this is very security-sensitive code, we strongly recommend that you use an established authentication library for your backend, too.

The backend will, at minimum, need to handle login and logout. It will also, by default, need to include an endpoint to fetch user information (ID, email, etc). This can be disabled with endpoints.user = false if your frontend doesn't need to know anything about your user. In this case, $auth.user will be {}.

Login

The backend should verify the login credentials, then return a JSON body with the token that the frontend can use to act as this user. The JSON body format is configured in the token section of the local scheme configuration.

TIP: If you want to use cookies instead of token-based authentication, use the cookie scheme.

The entire backend response is passed through to the loginWith response, so you can pass through additional information about the user, e.g. for authorization (which is out of scope of @nuxtjs/auth).

Fetch User

The auth module does not persist information about the user, so there needs to be a way to fetch the user's information on e.g. page reload. That's what the user endpoint is for. By default, this is also called after a successful login.

If user.autoFetch is true (default), then a request to endpoints.user is sent immediately after a successful login. That endpoint should respond with the JSON information for a specific user, which is assigned directly to the user property.

If you'd prefer to return the user's information directly from the login session, configure user.autoFetch to false, fetch the user information from the loginWith response, and pass it in to setUser.

If you want to disable fetching user info entirely, set endpoints.user: false. This will mean the user info endpoint is never called, but will also mean the frontend doesn't know anything about the user; $auth.user will be {}.

Options

Example for a token based flow:

auth: {
    strategies: {
        local: {
            token: {
                property: 'token',
                global: true,
                // required: true,
                // type: 'Bearer'
            },
            user: {
                property: 'user',
                // autoFetch: true
            },
            endpoints: {
                login: { url: '/api/auth/login', method: 'post' },
                logout: { url: '/api/auth/logout', method: 'post' },
                user: { url: '/api/auth/user', method: 'get' }
            }
        }
    }
}

Example for a cookie based flow:

auth: {
    strategies: {
        local: {
            token: {
                required: false,
                type: false,
                httpOnly: false
            },
            endpoints: {
                login: { url: '/api/auth/login', method: 'post' },
            }
        }
    }
}

endpoints

token

user

clientId

grantType

scope