-1

我使用@nuxtjs/auth-next,我必须有配置问题,但我尝试了多种配置但没有成功。

我将此示例用于服务器部分https://github.com/cornflourblue/node-mongo-signup-verification-api

这是我当前的配置:

auth: {
  redirect: {
    login: '/login',
    logout: '/',
    callback: '/login',
    home: '/'
  },
  strategies: {
    local: {
      scheme: 'refresh',
      token: {
        property: 'jwtToken',
        maxAge: 1800,
        global: true,
        // type: 'Bearer'
      },
      refreshToken: {
        property: 'refreshToken',
        data: 'refreshToken',
        maxAge: 60 * 60 * 24 * 30
      },
      user: {
        property: false,
        autoFetch: false
      },
      endpoints: {
        login: { url: '/accounts/authenticate', method: 'post', propertyName: 'data.jwtToken' },
        refresh: { url: '/accounts/refresh-token', method: 'post' },
        user: false,
        //user: { url: '/accounts/refresh-token', method: 'post', propertyName: null },
        logout: { url: '/accounts/revoke-token', method: 'post' }
      },
      // autoLogout: false
    }
  }
}

回复

饼干

我认为 Cookies 和答案是正确的。怎么了?

4

1 回答 1

0

它正在使用此配置“工作”:

  auth: {
    redirect: {
      login: '/login',
      logout: '/',
      callback: '/login',
      home: '/'
    },
    strategies: {
      local: {
        scheme: 'refresh',
        token: {
          property: 'jwtToken',
          maxAge: 1800,
          global: true,
          //type: ''
        },
        refreshToken: {
          property: 'jwtToken',
          data: 'refreshToken',
          maxAge: 60 * 60 * 24 * 30
        },
        user: {
          property: false,
          autoFetch: false
        },
        endpoints: {
          login: { url: '/accounts/authenticate', method: 'post', propertyName: 'jwtToken' },
          refresh: { url: '/accounts/refresh-token', method: 'post' },
          user: false,
          //user: { url: '/accounts/refresh-token', method: 'post', propertyName: null },
          logout: { url: '/accounts/revoke-token', method: 'post' }
        },
        // autoLogout: false
      }
    }
  }

但实际上刷新令牌是由服务器在 HTTP Only cookie 中发送的,因此它不起作用。@nuxtjs/auth-next 是否涵盖了这种情况,或者是否必须在 API 响应中包含刷新令牌?

于 2021-07-01T11:51:48.663 回答