sidebase
diff --git a/‎docs/content/2.configuration/2.nuxt-config.md‎
Lines changed: 22 additions & 6 deletions b/‎docs/content/2.configuration/2.nuxt-config.md‎
Lines changed: 22 additions & 6 deletions
diff --git a/‎src/module.ts‎
Lines changed: 4 additions & 1 deletion b/‎src/module.ts‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎src/runtime/composables/local/useAuthState.ts‎
Lines changed: 2 additions & 1 deletion b/‎src/runtime/composables/local/useAuthState.ts‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/runtime/composables/refresh/useAuthState.ts‎
Lines changed: 2 additions & 1 deletion b/‎src/runtime/composables/refresh/useAuthState.ts‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/runtime/types.ts‎
Lines changed: 20 additions & 4 deletions b/‎src/runtime/types.ts‎
Lines changed: 20 additions & 4 deletions
@@ -240,12 +240,20 @@ type ProviderLocal = {
  */
  sameSiteAttribute?: boolean | 'lax' | 'strict' | 'none' | undefined,
  /**
- * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+ * Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
+ *
+ * @default false
+ * @example true
+ */
+ secureCookieAttribute?: boolean,
+ /**
+ * The cookie domain.
+ * See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
  *
  * @default ''
- * @example sidebase.io
+ * @example 'sidebase.io'
  */
- cookieDomain?: string;
+ cookieDomain?: string,
  },
  /*
  * Settings for the session-data that `nuxt-auth` receives from the `getSession` endpoint.
@@ -401,12 +409,20 @@ type ProviderRefresh = {
  */
  sameSiteAttribute?: boolean | 'lax' | 'strict' | 'none' | undefined,
  /**
- * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+ * Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
+ *
+ * @default false
+ * @example true
+ */
+ secureCookieAttribute?: boolean,
+ /**
+ * The cookie domain.
+ * See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
  *
  * @default ''
- * @example sidebase.io
+ * @example 'sidebase.io'
  */
- cookieDomain?: string;
+ cookieDomain?: string,
  },
  /**
  * Settings for the authentication-refreshToken that `nuxt-auth` receives from the `signIn` endpoint and that can be used to authenticate subsequent requests.
 
@@ -56,8 +56,9 @@ const defaultsByBackend: {
  type: 'Bearer',
  cookieName: 'auth.token',
  headerName: 'Authorization',
- maxAgeInSeconds: 30 * 60,
+ maxAgeInSeconds: 30 * 60, // 30 minutes
  sameSiteAttribute: 'lax',
+ secureCookieAttribute: false,
  cookieDomain: ''
  },
  session: {
@@ -86,13 +87,15 @@ const defaultsByBackend: {
  headerName: 'Authorization',
  maxAgeInSeconds: 5 * 60, // 5 minutes
  sameSiteAttribute: 'none',
+ secureCookieAttribute: false,
  cookieDomain: ''
  },
  refreshToken: {
  signInResponseRefreshTokenPointer: '/refreshToken',
  refreshRequestTokenPointer: '/refreshToken',
  cookieName: 'auth.refresh-token',
  maxAgeInSeconds: 60 * 60 * 24 * 7, // 7 days
+ secureCookieAttribute: false,
  cookieDomain: ''
  },
  session: {
 
@@ -29,7 +29,8 @@ export const useAuthState = (): UseAuthStateReturn => {
  default: () => null,
  domain: config.token.cookieDomain,
  maxAge: config.token.maxAgeInSeconds,
- sameSite: config.token.sameSiteAttribute
+ sameSite: config.token.sameSiteAttribute,
+ secure: config.token.secureCookieAttribute
  })
 
  const rawToken = useState('auth:raw-token', () => _rawTokenCookie.value)
 
@@ -19,7 +19,8 @@ export const useAuthState = (): UseAuthStateReturn => {
  default: () => null,
  domain: config.refreshToken.cookieDomain,
  maxAge: config.refreshToken.maxAgeInSeconds,
- sameSite: 'lax'
+ sameSite: 'lax',
+ secure: config.refreshToken.secureCookieAttribute
  }
  )
 
 
@@ -168,10 +168,18 @@ export type ProviderLocal = {
  */
  sameSiteAttribute?: boolean | 'lax' | 'strict' | 'none' | undefined;
  /**
- * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+ * Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
+ *
+ * @default false
+ * @example true
+ */
+ secureCookieAttribute?: boolean;
+ /**
+ * The cookie domain.
+ * See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
  *
  * @default ''
- * @example sidebase.io
+ * @example 'sidebase.io'
  */
  cookieDomain?: string;
  };
@@ -270,10 +278,18 @@ export type ProviderLocalRefresh = Omit<ProviderLocal, 'type'> & {
  */
  maxAgeInSeconds?: number;
  /**
- * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+ * Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
+ *
+ * @default false
+ * @example true
+ */
+ secureCookieAttribute?: boolean;
+ /**
+ * The cookie domain.
+ * See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
  *
  * @default ''
- * @example sidebase.io
+ * @example 'sidebase.io'
  */
  cookieDomain?: string;
  };
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,8 @@ export const useAuthState = (): UseAuthStateReturn => {`
`19`	`19`	`default: () => null,`
`20`	`20`	`domain: config.refreshToken.cookieDomain,`
`21`	`21`	`maxAge: config.refreshToken.maxAgeInSeconds,`
`22`		`- sameSite: 'lax'`
	`22`	`+ sameSite: 'lax',`
	`23`	`+ secure: config.refreshToken.secureCookieAttribute`
`23`	`24`	`}`
`24`	`25`	`)`
`25`	`26`