🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@privyid/nuauth

Package Overview
Dependencies
Maintainers
0
Versions
19
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@privyid/nuauth

latest
npmnpm
Version
1.1.0
Version published
Maintainers
0
Created
Source

NuAuth

npm version npm downloads License Nuxt

Oauth2 Client for Nuxt

Compabilities

  • Nuxt 3

Instalation

yarn add --dev @privyid/nuauth

Then, add into nuxt.config.ts modules

export default defineNuxtConfig({
  modules: ['@privyid/nuauth'],
  build  : { transpile: ['@privyid/nuauth'] },
})

Usage

import { useNuAuth } from '@privyid/nuauth/core'

const {
  token,
  isAlmostExpired,
  login,
  logout,
  refresh,
} = useNuAuth()

// Get Access-Token
token.value

// Redirect to login page
login()

// Redirect to login page, and redirect to /dashboard after success
login('/dashboard')

// Redirect to logout page
logout()

// Redirect to logout page, and redirect to /dashboard after success re-login
logout('/dashboard')

// Check token is almost expired (15 minutes before Expired Date)
if (isAlmostExpired(15)) {
  // Request new token
  await refresh()
}

Configuration

This module read enviroment variables directly.

Env NameDefaultDescription
OAUTH_HOST-(Required) Oauth server's host
OAUTH_CLIENT_ID-(Required) Oauth Client ID
OAUTH_CLIENT_SECRET-(Required) Oauth Client Secret
OAUTH_REDIRECT_URI/auth/callbackOauth Callback URI
OAUTH_SCOPEpublic readOauth scope
OAUTH_LOGOUT_URI-Oauth Logout URI
OAUTH_HOME/Redirect path after success login
OAUTH_REGISTERfalseAdd params register to Oauth Server
OAUTH_REDIRECT_WHITELIST-Redirect path after success login whitelist, for multiple value, use ; as delimeter
OAUTH_DENIED_REDIRECTSame as OAUTH_HOMERedirect path after user after denying the authorization request
OAUTH_AUTHORIZE_PATH/oauth/authorizeURL path to request an authorization code
OAUTH_TOKEN_PATH/oauth/tokenURL path to obtain access tokens
OAUTH_REVOKE_PATH/oauth/revokeURL path to revoke access tokens
OAUTH_REFRESH_PATHSame as OAUTH_TOKEN_PATHURL path to refresh access tokens

👉 See .env.example for example

Cookie Serialize Config

You can change default cookie config. Add this in your nuxt.config.ts

export default defineNuxtConfig({
  // ...
  nuauth : {
    // ...
    cookie: {
      httpOnly: true,
      sameSite: 'none',
      path    : '/',
      secure  : true,
    },
    // ...
  }
})

👉 See here for all cookie options.

Multiple Server Profile

Since 0.4.0, you can target more than one oauth server.

  • Add new profile in your nuxt.config.ts
export default defineNuxtConfig({
  // ...
  nuauth: {
    // ...
    profile: {
      default: 'oauth',
      names  : [
        'oauth',  // default profile
        'github', // additional profile
      ]
    }
    // ...
  }
})

  • Your profile's name will become prefix on config env. ex: If your profile's name github, your env will became:

    • GITHUB_HOST
    • GITHUB_CLIENT_ID
    • GITHUB_CLIENT_SECRET,
    • GITHUB_REDIRECT_URI
    • etc.

  • In your component, explicit the profile you want to use.

import { useNuAuth } from '@privyid/nuauth/core'

const {
  token,
  isAlmostExpired,
  login,
  logout,
  refresh,
} = useNuAuth('github')

Disable redirection page

To prevent displaying the redirection page, you can set the sameSite attribute of the cookie to lax or none.

export default defineNuxtConfig({
  // ...
  nuauth: {
    // ...
    cookie: {
      sameSite: 'lax', // or 'none' for cross-origin cookies
    }
    // ...
  }
})

Middleware Guard

Since 0.7.0, NuAuth include global middleware which redirect to login page if user not authenticated. If you want disabled it in some page, you can use set meta page auth to false.

<script setup lang="ts">
  import { definePageMeta } from '#imports'

  definePageMeta({ auth: false })
</script>

Or you can set auth profile using it

<script setup lang="ts">
  import { definePageMeta } from '#imports'

  definePageMeta({ auth: 'github' })
</script>

Or if you want disable redirect on every pages:

// nuxt.config.ts

export default defineNuxtConfig({
  // ...
  nuauth: {
    // ...
    middleware: false,
    // ...
  }
})

Contribution

  • Clone this repository
  • Play Nyan Cat in the background (really important!)
  • Enable Corepack using corepack enable (use npm i -g corepack for Node.js < 16.10)
  • Run yarn install
  • Run yarn dev:prepare to generate type stubs.
  • Use yarn dev to start playground in development mode.

License

MIT License

FAQs

Package last updated on 02 Oct 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks

Research

Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks

Socket Threat Research maps a rare inside look at OtterCookie’s npm-Vercel-GitHub chain, adding 197 malicious packages and evidence of North Korean operators.

By Kirill Boychenko  -  Nov 26, 2025
Shai Hulud Strikes Again (v2)

Research

/

Security News

Shai Hulud Strikes Again (v2)

Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.

By Socket Research Team  -  Nov 24, 2025