Source Code

refresh is an extended version of local scheme, made for systems that use token refresh.

You can set scheme to refresh to enable it.

Usage

To do a password based login by sending credentials in request body as a JSON object:

<template>
    <div>
        <form @submit.prevent="userLogin">
        <div>
            <label>Username</label>
            <input type="text" v-model="login.username" />
        </div>
        <div>
            <label>Password</label>
            <input type="password" v-model="login.password" />
        </div>
        <div>
            <button type="submit">Submit</button>
        </div>
        </form>
    </div>
</template>

<script lang="ts" setup>
const login = reactive({
    username: '',
    password: ''
})

const $auth = useAuth()

async userLogin() {
    try {
        const response = await $auth.loginWith('local', {
            body: login
        })

        console.log(response._data)
    } catch (err) {
        console.log(err)
    }
}
</script>

To manually refresh the token:

$auth.refreshTokens()

Options

auth: {
    strategies: {
        local: {
            scheme: 'refresh',
            token: {
                property: 'access_token',
                maxAge: 1800,
                global: true,
                // type: 'Bearer'
            },
            refreshToken: {
                property: 'refresh_token',
                data: 'refresh_token',
                maxAge: 60 * 60 * 24 * 30,
                httpOnly: false
            },
            user: {
                property: 'user',
            // autoFetch: true
            },
            endpoints: {
                login: { url: '/api/auth/login', method: 'post' },
                refresh: { url: '/api/auth/refresh', method: 'post' },
                user: { url: '/api/auth/user', method: 'get' },
                logout: { url: '/api/auth/logout', method: 'post' }
            },
            // autoLogout: false
        }
    }
}

This uses the same config as local, only now it includes a refresh token

refreshToken

Additional Information

Here you configure the refresh token options.

property
property can be used to specify which field of the response JSON to be used for value. It can be false to directly use API response or being more complicated like auth.refresh_token.
data
  • Default: refresh_token
data can be used to set the name of the property you want to send in the request.
maxAge
  • Default: 60 * 60 * 24 * 30
Here you set the expiration time of the token, in seconds. This time will be used if for some reason we couldn't decode the token to get the expiration date. You can set it to false if your refresh token doesn't expire.By default is set to 30 days.
required
  • Default: true
In instances where you do not need the refresh token to perform the refresh, you can assign this option to false. This disables the refreshToken.
tokenRequired
  • Default: false
If enabled, Authorization header won't be cleared before refreshing.
httpOnly
  • Default: false
If set to true, the refresh token will be made into a httpOnly cookie.

Table of Contents