Why only server side #29
Comments
Hey @ennioVisco Because the session / cookies system I use is relying on What are you building that does not need SSR?
It's not that it does not need SSR, it's more like SSR is a gigantic burden with negligible benefits:
The thing is that we need an API endpoint anyway to store the cookie, so even without SSR you will need to run a node server, would that be OK with you?
But I don't get why: couldn't a sessionStorage or localStorage serve the purpose? This is for example how Amplify does it: https://docs.amplify.aws/react/build-a-backend/auth/manage-user-session
This module leverages I guess Amplify stores the session in a database to get back the values?
I'm not sure what you mean, sorry, I'm not a super expert on authentication protocols. Here is how Cognito (the AWS service Amplify wraps) works: From my understanding, it is an OAuth 2.0 flow where:
I think I get your point now, you want to enforce the encryption and the adoption as an httpOnly cookie. It goes without saying that if you want to enforce server-side encryption, there is no way to have this library without SSR :)
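The point made in the comment above, as an added example that is not part of the thread and is not nuxt-auth-utils code: a session sealed with a key that only the server holds and delivered as an `HttpOnly` cookie, which is why some server endpoint is needed. The function names, the cookie name `demo_session` and the sample password are assumptions made for illustration; AES-256-GCM from Node's built-in `crypto` stands in for whatever sealing the module actually uses.

```javascript
// Added illustration, not nuxt-auth-utils code. sealSession, unsealSession,
// sessionCookie and the cookie name "demo_session" are hypothetical.
const crypto = require("node:crypto");

// Key derived from a server-only password (constructed sample value).
// Shipping this to browser code would let any client forge sessions.
const SERVER_PASSWORD = "constructed-sample-password-at-least-32-chars";
const KEY = crypto.scryptSync(SERVER_PASSWORD, "demo-salt", 32);

// Encrypt and authenticate the session object with AES-256-GCM.
// Layout of the sealed value: 12-byte IV | 16-byte auth tag | ciphertext.
function sealSession(session, key = KEY) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([
    cipher.update(JSON.stringify(session), "utf8"),
    cipher.final(),
  ]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64url");
}

// Returns the session object, or null if the value was altered,
// truncated, or sealed with a different key.
function unsealSession(sealed, key = KEY) {
  try {
    const raw = Buffer.from(sealed, "base64url");
    if (raw.length < 28) return null; // too short to hold IV + tag
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    return null; // authentication failure or malformed input
  }
}

// Set-Cookie header value. HttpOnly keeps the cookie out of document.cookie,
// so page scripts cannot read it, unlike localStorage or sessionStorage.
function sessionCookie(session) {
  return `demo_session=${sealSession(session)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}
```
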
Also the fact that all utils are server-side for OAuth.
If you've ever built a hybrid native app (Capacitor.js) with a web version you'll know the different hoops the client has to jump through for Apple and Facebook OAuth depending on if you are native or web. One thing that remains the same is the API code thankfully, so a module like this can be used.
Reading this, it seems like there are no plans to ever support
Not at the moment @mbergen What's your usage of authentication on a Nuxt generated application?
I have an API I need to authenticate against with an OpenIDConnect token, which the generated Nuxt frontend needs to send with all requests.
I have this use case as well. Python FastAPI backend with auth handled through JWT access and refresh tokens. SEO or initial loading time is not important, makes more sense to run the frontend as static SPA.
One of the issues when dealing with static generated content is when you have the Auth state in the header for example, then the "login" button will be generated at build time. You will have to wrap this with
I might be too inexperienced here, but I don't see what the issue with that is (e.g. right now with nuxt2+nuxt/auth, I don't have a login button on every page, but rather redirect to a dedicated login page with a Middleware if someone is not logged in)
Hi Sébastien, I will soon be migrating from Nuxt 2 to 3. It would be nice to have in these auth utils a flow for "Local/refresh" as it was called in nuxt/auth, and that it would work for SPA apps. In case of precompiled apps I think indeed it would make sense to wrap in
It would be nice if you can test implementing yourself the authentication using Nuxt
I will look into it when I start migrating. I just saw the PR request for jwt local auth #17. I understand from the discussion there that the Nuxt team considers full flows for clientside token based schemes out of scope for nuxt-auth-utils, but rather than providing all of the flow in one event handler may still consider small composable utility functions that could be used to build a jwt flow?
Would love to be able to use this module without SSR (but deployed on a nodejs server) - my understanding is SPA !== static. That's not doable at the moment with the plugin, right? tldr: I need SSR for crawlers and not logged users and SPA for non logged users
I agree that we need local support.
@luminous8 very good timing as I have been working the last days on supporting SPA & SSG/SWR but it will need to use
Awesome news!
Thanks a lot Atinux for the great work!
This module is very clean and easy to understand!
My question is what are the reasons for which it is only server-side, by looking at the endpoints it seems that code could easily be in pages or composables, so, why the limitation?