Skip to content

After reloading the page the access token is deleted #1002

New issue
New issue
Open
Open
After reloading the page the access token is deleted#1002
Labels
bugA bug that needs to be resolved
@kirilldonenko

Description

@kirilldonenko
kirilldonenko
opened on Feb 24, 2025

Environment

  • Operating System: Linux
  • Node Version: v22.3.0
  • Nuxt Version: 3.13.2
  • CLI Version: 3.14.0
  • Nitro Version: 2.10.4
  • Package Manager: yarn@1.22.22
  • Builder: -
  • User Config: -
  • Runtime Modules: -
  • Build Modules: -

Reproduction

"@sidebase/nuxt-auth": "^0.10.0"
I see this problem only in the QA environment. Locally everything works correctly.

 `// in nuxt.config auth: { isEnabled: true, baseURL: `${process.env.NUXT_PUBLIC_PROTOCOL}${process.env.NUXT_PUBLIC_DOMAIN}:${process.env.NUXT_PUBLIC_PORT}/`, provider: { type: 'local', endpoints: { signIn: {path: 'api/auth/login', method: 'post'}, signOut: {path: 'api/auth/logout', method: 'post'}, signUp: {path: 'api/auth/register', method: 'post'}, getSession: {path: 'api/user', method: 'get'}, }, token: { signInResponseTokenPointer: '/access_token', type: 'Bearer', cookieName: 'auth._token', headerName: 'Authorization', maxAgeInSeconds: 60 * 60 * 3, sameSiteAttribute: 'lax', cookieDomain: `${process.env.NUXT_FRONTEND_DOMAIN}`, secureCookieAttribute: false, httpOnlyCookieAttribute: false, }, refresh: { isEnabled: true, endpoint: {path: 'api/auth/refresh', method: 'post'}, refreshOnlyToken: false, token: { signInResponseRefreshTokenPointer: '/refresh_token', refreshRequestTokenPointer: '/refresh_token', cookieName: 'auth._refresh-token', maxAgeInSeconds: 60 * 60 * 3, sameSiteAttribute: 'lax', secureCookieAttribute: false, cookieDomain: `${process.env.NUXT_FRONTEND_DOMAIN}`, httpOnlyCookieAttribute: false, } }, }, sessionRefresh: { enablePeriodically: 1000 * 60 * 60, enableOnWindowFocus: false, } },

`
Access and refresh tokens(auth._token and auth._refresh-token) is automatically saved in a cookie on the local domain - "localhost", and on the QA environment on the domain - ".my-qa-domain"

Describe the bug

If I reload the page after authentication, the access token will be deleted, although the refresh token will not be deleted. I only observe this behavior in the QA environment. Maybe someone has encountered something similar?

Additional context

No response

Logs

Metadata
Metadata
Assignees
No one assigned
    Labels
    bugA bug that needs to be resolved
    Type
    No type
    Projects
    No projects
    Milestone
    No milestone
    Relationships
    None yet
    Development
    No branches or pull requests
    Issue actions