Comments (6)
Also.. not sure when _refreshToken
decides to kick in but after some idle time the page started sending tokenUrl url requests non stop. Turns out if you set token expiration date to more than ~24 days... the representation in milliseconds is bigger than the 32bit integer that setTimeout expects .. so it fires as if timeout is 0 milliseconds. Can be fixed by sth like timeout = Math.min(expireTime - nowTime - offsetTime, 2147483647)
from vue-auth.
I did some changes and its work for replacing old token when reload page
function _refreshToken (cb) {
cb = cb || function () {}
let _this = this
if (_getToken.call(this) && this.getOption('tokenType') === 'jwt') {
_http.call(this, {
url: this.getOption('tokenUrl'),
method: 'get',
success: (res) => {
_setToken.call(this, res.json()[this.getOption('tokenVar')])
let tokenJSON = _decodeToken(_getToken.call(_this))
let expireTime = _getTokenExpirationDate(tokenJSON).valueOf()
let nowTime = new Date().valueOf()
let offsetTime = this.getOption('tokenTimeoutOffset')
let timeout = expireTime - nowTime - offsetTime
clearTimeout(_tokenRefreshTimeout)
_tokenRefreshTimeout = setTimeout(function () {
_refreshToken.call(_this)
}, timeout)
return cb()
},
error: (res) => {
return cb()
}
})
} else {
return cb()
}
}
...
fetch (cb) {
cb = cb || function () {}
if (!this.loaded) {
_refreshToken.call(this, () => {
this.setLoadedAsTrue(cb)
})
} else {
this.setLoadedAsTrue(cb)
}
},
setLoadedAsTrue (cb) {
if (this.authenticated === null && _getToken.call(this)) {
if (!document.cookie.match(/rememberMe/)) {
_removeToken.call(this)
this.loaded = true
return cb()
}
this.authenticated = false
_fetch.call(this, cb)
} else {
this.loaded = true
return cb()
}
},
from vue-auth.
After we logged in then refresh page, then this package automatically trying to fetch
and calling _refreshToken
if this.loaded === false
on line https://github.com/websanova/vue-jwt-auth/blob/master/vue-jwt-auth.js#L427
The problem is..this process is async, so _refreshToken
and _fetch
will called parallel.
This is the summary
- User logged in, save token
A
in local storage - User refresh page
- Package always run
fetch
on initial load - Since this is initial load, then
this.loaded
will false, so package will run_refreshToken
with tokenA
and in parallel call_fetch
with tokenA
too _refreshToken
make tokenA
as blacklist (on server side) and get new tokenB
_fetch
then will has unauthorized access because tokenA
already blacklisted_refreshToken
didn't update new tokenB
in local storage
I think we need to call _refreshToken
as series ..
Thanks
from vue-auth.
Will have to look into it again. Will update the docs with the workflow/reasoning soon. There is also a related issue with expired tokens not being removed. So it tries to use it giving an auth error on load which is not necessary.
Will look into it next week, swamped with some client projects at the moment.
from vue-auth.
Hello @ghprod , I think your solution isnt working when you want to /register /login , refresh the page because as the install function is being called on every refresh, function _fetch isnt being triggered so no user is set. Please check your response.
_fetch.call(this, cb)
from vue-auth.
This has now been reworked a bit in the new v1.0.x-dev version.
However by default it will still do a refresh on each init. If you want to disable it you must override the expiredToken
method.
expiredToken: function () { return false; }
If you set the token in the header or via param during the user (or any other) request it will automatically get sniffed out and set. So you could put it wherever you like if you wanna go some other route.
Or you could also call $auth.refresh()
manually.
from vue-auth.
Related Issues (20)
- Built in cookie store broken in latest version? HOT 4
- Vue 3 Typescript not working, types missing HOT 1
- Integrate vue-auth with Keycloak HOT 1
- [Question] Authenticating users from external apps HOT 2
- How to set token expiration as refreshData interval HOT 1
- Vue3 Demo - Could not resolve dependency vue@"^3.2.0" from [email protected] HOT 2
- Handling MFA HOT 1
- Support pinia for vue 3 HOT 8
- How to extend Auth using v3 createAuth HOT 4
- This package is not working on VUE 3 + Vite
- token doesn't persist, suggested behavior vs Oauth 2.0 RFC spec? HOT 2
- Vue-Auth and Pinia HOT 10
- Vue 3 rolesKey option not supporting dot notation HOT 3
- redirect to page if i get 503 error HOT 2
- Storing multiple user credentials HOT 1
- Handling multiple roles from different keys HOT 2
- Redirect : Erreur 401 on apache server and not a local wamp HOT 4
- Package not working with Vue.js 3.3 and Vite HOT 1
- Missing Typescript definition for named route params
- Logout request executes after auth reset
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vue-auth.