
No given access token from `getUserSession` on automatic refresh

Open Siilwyn opened this issue 1 year ago • 7 comments

Using `getUserSession` with `exposeAccessToken: true` configured server-side to fetch the current session: when the session is refreshed, the returned session data is missing the access token.

It seems that the function returns early before exposing the access token: https://github.com/itpropro/nuxt-oidc-auth/blob/1c41ec6ace19bef01c023b9a806774fcac420dc1/src/runtime/server/utils/session.ts#L159-L162

Tried two workarounds which both have issues, not sure if I'm missing something:

  1. If there is no access token, wait for a second & call `getUserSession`, which seems to work inconsistently.
  2. Manually refresh the token with `refreshUserSession`; this seems to return the previous access token.

Using Auth0 with `authenticationScheme: "body"`

Siilwyn, Oct 29 '24 13:10
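
The failure pattern this report describes (a refresh branch that returns before the step that attaches the access token), modelled next to a single-exit version and a regression check. This is an added example built on a constructed in-memory store, not code from nuxt-oidc-auth; every function name and token value in it is hypothetical, and only the field names `exposeAccessToken`, `expireAt`, `canRefresh` and `accessToken` come from the thread.

```javascript
// Constructed model of the reported behaviour; NOT nuxt-oidc-auth source code.
// Hypothetical names: makeStore, refreshTokens, publicView, getSessionBuggy,
// getSessionFixed, tokenAfterRefresh. Token values are constructed samples.
function makeStore(now) {
  // Server-side session record that has just expired and can be refreshed.
  return { expireAt: now - 1, canRefresh: true, accessToken: 'at-old', refreshToken: 'rt-1' };
}

// Stand-in for the token endpoint round trip performed during a refresh.
function refreshTokens(store, now) {
  store.accessToken = 'at-new';
  store.expireAt = now + 3600;
}

// The view handed to the caller; the token is attached only when configured.
function publicView(store, config) {
  const view = { expireAt: store.expireAt, canRefresh: store.canRefresh };
  if (config.exposeAccessToken) view.accessToken = store.accessToken;
  return view;
}

// Reported pattern: the refresh branch builds its own result and returns early,
// so the exposure step in publicView never runs on that path.
function getSessionBuggy(store, config, now) {
  if (store.expireAt <= now && store.canRefresh) {
    refreshTokens(store, now);
    return { expireAt: store.expireAt, canRefresh: store.canRefresh };
  }
  return publicView(store, config);
}

// Single exit: refreshed and non-refreshed sessions share one exposure step.
function getSessionFixed(store, config, now) {
  if (store.expireAt <= now && store.canRefresh) refreshTokens(store, now);
  return publicView(store, config);
}

// Regression check: read the session at the moment a refresh is triggered and
// report which access token (if any) the caller receives.
function tokenAfterRefresh(getSession, config) {
  const now = 1700000000; // constructed timestamp, in seconds
  return getSession(makeStore(now), config, now).accessToken;
}
```

A check of this shape also covers the second workaround in the post: the value returned right after a refresh has to be the new token, not the pre-refresh one.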

I have the same problem with Keycloak, would be really good if someone could fix it

Flou21, Nov 10 '24 21:11

I was not able to reproduce this with the example Auth0 config from the docs and beta3. Can you please provide a reproduction or full config?

itpropro, Jan 06 '25 00:01

I've got the same issue with Zitadel provider. Also `automaticRefresh` is not working for me, but I managed to make a custom refresh logic within `app.vue` `onBeforeMount`:

```vue
<script setup lang="ts">
const { user, refresh, fetch, logout } = useOidcAuth();

onBeforeMount(() => {
  // Current time in seconds, the same unit as expireAt
  const currentTime = Math.floor(Date.now() / 1000);
  // Debug output of the token and the full session object
  console.log(user.value?.accessToken);
  console.log(JSON.stringify(user.value));
  console.log(
    `Expire at: ${user.value?.expireAt}, Current time: ${currentTime}`
  );
  if (user.value?.expireAt! <= currentTime) {
    if (user.value?.canRefresh) {
      console.warn('Token expired, refreshing!');
      refresh();
    } else {
      console.warn('Token expired and can not be refreshed, logging out!');
      logout();
    }
  } else {
    console.log('Token is still valid');
  }

  // Reload the session into the user object
  fetch();
});
</script>
```

But the issue is that even though timestamps are updated, I do not get `accessToken` in my user object again. For example, the console log for the access token is `undefined`, while the other logs are:

```
Expire at: 1737119169, Current time: 1737105782
app.vue:27 Token is still valid
```

I cannot provide the whole `user.value` here because the data is sensitive.

P.S. using version 1.0.0v3beta

arajkovic22, Jan 17 '25 09:01

Although I was not 100% able to reproduce your issues, a lot of session and refresh related things were fixed with beta 4, please try that and give some feedback on it.

itpropro, Jan 18 '25 03:01

@itpropro Using the beta v5 now, refresh is now working BUT ONLY when token expires. `expirationThreshold` in the sessions config seems to have no effect for automatic refresh, and also if I turn off automatic refresh and handle session manually, `refresh()` resolves but nothing happens if I call it before the token is expired; it will refresh the session once `expireAt` gets over the current time... Do you have an idea what may be the issue here? At least refreshing now works so I am not completely blocked by this. Thanks for the effort you guys have been putting into this :-)

arajkovic22, Feb 12 '25 08:02

Still having this issue as well with Keycloak

margaretjoanmiller, May 09 '25 17:05

Can you please share your Keycloak configs? It's very hard to reproduce, as there are so many different setting combinations in Keycloak.

itpropro, May 11 '25 22:05