@sidebase/nuxt-auth - npm Package Compare versions

205

dist/module.d.ts

		@@ -47,19 +47,16 @@ import { NuxtModule } from 'nuxt/schema';
		type DataObjectArray = `${string}[]`;
		type SessionDataObject = {
		interface SessionDataObject {
		[key: string]: Omit<string, DataObjectPrimitives \| DataObjectArray> \| SessionDataObject;
		};
		}
		/**
		* Available `nuxt-auth` authentication providers.
		*/
		type SupportedAuthProviders = 'authjs' \| 'local' \| 'refresh';
		type SupportedAuthProviders = 'authjs' \| 'local';
		/**
		* Configuration for the `local`-provider.
		*/
		type ProviderLocal = {
		interface ProviderLocal {
		/**
		* Uses the `local` provider to facilitate authentication. Currently, two providers exclusive are supported:
		* - `authjs`: `next-auth` / `auth.js` based OAuth, Magic URL, Credential provider for non-static applications
		* - `local` or 'refresh': Username and password provider with support for static-applications
		*
		* Read more here: https://sidebase.io/nuxt-auth/v0.6/getting-started
		* Uses the `local` provider to facilitate authentication.
		* Read more here: https://auth.sidebase.io/guide/local/quick-start
		*/
		@@ -170,3 +167,4 @@ type: Extract<SupportedAuthProviders, 'local'>;
		/**
		* The cookie sameSite policy. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
		* The cookie sameSite policy.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
		*
		@@ -179,2 +177,3 @@ * @default 'lax'
		* Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.5
		*
		@@ -195,2 +194,3 @@ * @default false
		* Whether to set the httpOnly flag on the cookie.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.6
		*
		@@ -220,17 +220,14 @@ * @default false
		};
		};
		/**
		* Configuration for the `refresh`-provider an extended version of the local provider.
		*/
		type ProviderLocalRefresh = Omit<ProviderLocal, 'type'> & {
		/**
		* Uses the `authjs` provider to facilitate authentication. Currently, two providers exclusive are supported:
		* - `authjs`: `next-auth` / `auth.js` based OAuth, Magic URL, Credential provider for non-static applications
		* - `local` or 'refresh': Username and password provider with support for static-applications
		*
		* Read more here: https://sidebase.io/nuxt-auth/v0.6/getting-started
		* Configuration for the refresh token logic of the `local` provider.
		* If set to `undefined` or set to `{ isEnabled: false }`, refresh tokens will not be used.
		*/
		type: Extract<SupportedAuthProviders, 'refresh'>;
		endpoints?: {
		refresh?: {
		/**
		* Whether the refresh logic of the local provider is active
		*
		* @default false
		*/
		isEnabled?: boolean;
		/**
		* What method and path to call to perform the sign-in. This endpoint must return a token that can be used to authenticate subsequent requests.
		@@ -240,87 +237,98 @@ *
		*/
		refresh?: {
		endpoint?: {
		path?: string;
		method?: RouterMethod;
		};
		};
		/**
		* When refreshOnlyToken is set, only the token will be refreshed
		*
		* @default true
		*/
		refreshOnlyToken?: boolean;
		refreshToken?: {
		/**
		* How to extract the authentication-token from the sign-in response.
		* When refreshOnlyToken is set to `true`, only the token will be updated when the refresh endpoint is called.
		* When refreshOnlyToken is set to `false`, the token and refreshToken will be updated when the refresh endpoint is called.
		*
		* E.g., setting this to `/refreshToken/bearer` and returning an object like `{ refreshToken: { bearer: 'THE_AUTH_TOKEN' }, timestamp: '2023' }` from the `signIn` endpoint will
		* result in `nuxt-auth` extracting and storing `THE_AUTH_TOKEN`.
		*
		* This follows the JSON Pointer standard, see its RFC6901 here: https://www.rfc-editor.org/rfc/rfc6901
		*
		* @default '/refreshToken' Access the `refreshToken` property of the sign-in response object
		* @example / Access the root of the sign-in response object, useful when your endpoint returns a plain, non-object string as the token
		* @default true
		*/
		signInResponseRefreshTokenPointer?: string;
		refreshOnlyToken?: boolean;
		/**
		* How to do a fetch for the refresh token.
		*
		* This is especially useful when you have an external backend signing tokens. Refer to this issue to get more information: https://github.com/sidebase/nuxt-auth/issues/635.
		*
		* ### Example
		* Setting this to `/refresh/token` would make Nuxt Auth send the `POST /api/auth/refresh` with the following BODY: `{ "refresh": { "token": "..." } }
		*
		* ### Notes
		* This follows the JSON Pointer standard, see its RFC6901 here: https://www.rfc-editor.org/rfc/rfc6901
		*
		* @default '/refreshToken'
		* Settings for the refresh-token that `nuxt-auth` receives from the `signIn` endpoint that is used for the `refresh` endpoint.
		*/
		refreshRequestTokenPointer?: string;
		/**
		* It refers to the name of the property when it is stored in a cookie.
		*
		* @default auth.refresh-token
		* @example auth._refresh-token
		*/
		cookieName?: string;
		/**
		* Maximum age to store the authentication token for. After the expiry time the token is automatically deleted on the application side, i.e., in the users' browser.
		*
		* Note: Your backend may reject / expire the token earlier / differently.
		*/
		maxAgeInSeconds?: number;
		/**
		* Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
		*
		* @default false
		* @example true
		*/
		secureCookieAttribute?: boolean;
		/**
		* The cookie domain.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
		*
		* @default ''
		* @example 'sidebase.io'
		*/
		cookieDomain?: string;
		/**
		* Whether to set the httpOnly flag on the cookie.
		*
		* @default false
		* @example true
		*/
		httpOnlyCookieAttribute?: boolean;
		token?: {
		/**
		* How to extract the authentication-token from the sign-in response.
		*
		* E.g., setting this to `/refreshToken/bearer` and returning an object like `{ refreshToken: { bearer: 'THE_AUTH_TOKEN' }, timestamp: '2023' }` from the `signIn` endpoint will
		* result in `nuxt-auth` extracting and storing `THE_AUTH_TOKEN`.
		*
		* This follows the JSON Pointer standard, see its RFC6901 here: https://www.rfc-editor.org/rfc/rfc6901
		*
		* @default '/refreshToken' Access the `refreshToken` property of the sign-in response object
		* @example / Access the root of the sign-in response object, useful when your endpoint returns a plain, non-object string as the token
		*/
		signInResponseRefreshTokenPointer?: string;
		/**
		* How to do a fetch for the refresh token.
		*
		* This is especially useful when you have an external backend signing tokens. Refer to this issue to get more information: https://github.com/sidebase/nuxt-auth/issues/635.
		*
		* ### Example
		* Setting this to `/refresh/token` would make Nuxt Auth send the `POST /api/auth/refresh` with the following BODY: `{ "refresh": { "token": "..." } }
		*
		* ### Notes
		* This follows the JSON Pointer standard, see its RFC6901 here: https://www.rfc-editor.org/rfc/rfc6901
		*
		* @default '/refreshToken'
		*/
		refreshRequestTokenPointer?: string;
		/**
		* It refers to the name of the property when it is stored in a cookie.
		*
		* @default 'auth.refresh-token'
		* @example 'auth._refresh-token'
		*/
		cookieName?: string;
		/**
		* Maximum age to store the authentication token for. After the expiry time the token is automatically deleted on the application side, i.e., in the users' browser.
		*
		* Note: Your backend may reject / expire the token earlier / differently.
		*/
		maxAgeInSeconds?: number;
		/**
		* The cookie sameSite policy.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
		*
		* @default 'lax'
		* @example 'strict'
		*/
		sameSiteAttribute?: boolean \| 'lax' \| 'strict' \| 'none' \| undefined;
		/**
		* Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.5
		*
		* @default false
		* @example true
		*/
		secureCookieAttribute?: boolean;
		/**
		* The cookie domain.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
		*
		* @default ''
		* @example 'sidebase.io'
		*/
		cookieDomain?: string;
		/**
		* Whether to set the httpOnly flag on the cookie.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.6
		*
		* @default false
		* @example true
		*/
		httpOnlyCookieAttribute?: boolean;
		};
		};
		};
		}
		/**
		* Configuration for the `authjs`-provider.
		*/
		type ProviderAuthjs = {
		interface ProviderAuthjs {
		/**
		* Uses the `authjs` provider to facilitate autnetication. Currently, two providers exclusive are supported:
		* - `authjs`: `next-auth` / `auth.js` based OAuth, Magic URL, Credential provider for non-static applications
		* - `local` or `refresh`: Username and password provider with support for static-applications
		*
		* Read more here: https://sidebase.io/nuxt-auth/v0.6/getting-started
		* Uses the `authjs` provider to facilitate authentication.
		* Read more here: https://auth.sidebase.io/guide/authjs/quick-start
		*/
		@@ -349,4 +357,4 @@ type: Extract<SupportedAuthProviders, 'authjs'>;
		addDefaultCallbackUrl?: boolean \| string;
		};
		type AuthProviders = ProviderAuthjs \| ProviderLocal \| ProviderLocalRefresh;
		}
		type AuthProviders = ProviderAuthjs \| ProviderLocal;
		interface RefreshHandler {
		@@ -357,7 +365,7 @@ /**
		*/
		init(): void;
		init: () => void;
		/**
		* Handles cleanup of the refresh handler. Will be called on `unmount` app hook.
		*/
		destroy(): void;
		destroy: () => void;
		}
		@@ -492,2 +500,3 @@ interface DefaultRefreshHandlerConfig {
		globalAppMiddleware: NonNullable<ModuleOptions['globalAppMiddleware']>;
		originEnvKey: string;
		computed: {
		@@ -494,0 +503,0 @@ origin: string \| undefined;

2

dist/module.json

		{
		"name": "sidebase-auth",
		"configKey": "auth",
		"version": "0.8.2"
		"version": "0.9.0"
		}

10

dist/runtime/composables/authjs/useAuth.d.ts

		import type { AppProvider, BuiltInProviderType } from 'next-auth/providers/index';
		import type { CommonUseAuthReturn, SignOutFunc, GetSessionFunc, SignInFunc } from '../../types';
		import type { CommonUseAuthReturn, GetSessionOptions, SignInFunc, SignOutFunc } from '../../types';
		import type { SessionData } from './useAuthState';
		@@ -15,3 +15,3 @@ /**
		*/
		declare const getCsrfToken: () => Promise<string>;
		declare function getCsrfToken(): Promise<string>;
		/**
		@@ -34,3 +34,3 @@ * Trigger a sign in flow for the passed `provider`. If no provider is given the sign in page for all providers will be shown.
		*/
		declare const getProviders: () => Promise<Record<LiteralUnion<BuiltInProviderType, string>, Omit<AppProvider, "options"> \| undefined>>;
		declare function getProviders(): Promise<Record<LiteralUnion<BuiltInProviderType, string>, Omit<AppProvider, "options"> \| undefined>>;
		/**
		@@ -41,3 +41,3 @@ * Refresh and get the current session data.
		*/
		declare const getSession: GetSessionFunc<SessionData>;
		declare function getSession(getSessionOptions?: GetSessionOptions): Promise<SessionData>;
		/**
		@@ -53,3 +53,3 @@ * Sign out the current user.
		}
		export declare const useAuth: () => UseAuthReturn;
		export declare function useAuth(): UseAuthReturn;
		export default useAuth;

2

dist/runtime/composables/commonAuthState.d.ts

		import type { SessionStatus } from '../types';
		export declare const makeCommonAuthState: <SessionData>() => {
		export declare function makeCommonAuthState<SessionData>(): {
		data: any;
		@@ -4,0 +4,0 @@ loading: any;

15

dist/runtime/composables/local/useAuth.d.ts

		import { type Ref } from 'vue';
		import type { CommonUseAuthReturn, SignOutFunc, SignInFunc, GetSessionFunc, SecondarySignInOptions, SignUpOptions } from '../../types';
		import type { CommonUseAuthReturn, GetSessionOptions, SecondarySignInOptions, SignInFunc, SignOutFunc, SignUpOptions } from '../../types';
		import type { SessionData } from '#auth';
		@@ -11,9 +11,16 @@ type Credentials = {
		declare const signOut: SignOutFunc;
		declare const getSession: GetSessionFunc<SessionData \| null \| void>;
		declare const signUp: (credentials: Credentials, signInOptions?: SecondarySignInOptions, signUpOptions?: SignUpOptions) => Promise<any>;
		declare function getSession(getSessionOptions?: GetSessionOptions): Promise<SessionData \| null \| void>;
		declare function signUp(credentials: Credentials, signInOptions?: SecondarySignInOptions, signUpOptions?: SignUpOptions): Promise<any>;
		/**
		* Returns an extended version of CommonUseAuthReturn with local-provider specific data
		*
		* @remarks
		* The returned value `refreshToken` will always be `null` if `refresh.isEnabled` is `false`
		*/
		interface UseAuthReturn extends CommonUseAuthReturn<typeof signIn, typeof signOut, typeof getSession, SessionData> {
		signUp: typeof signUp;
		token: Readonly<Ref<string \| null>>;
		refreshToken: Readonly<Ref<string \| null>>;
		}
		export declare const useAuth: () => UseAuthReturn;
		export declare function useAuth(): UseAuthReturn;
		export {};

14

dist/runtime/composables/local/useAuthState.d.ts

		import { type ComputedRef } from 'vue';
		import type { CommonUseAuthStateReturn } from '../../types';
		import type { CookieRef } from '#app';
		import { type CommonUseAuthStateReturn } from '../../types';
		import type { SessionData } from '#auth';
		interface UseAuthStateReturn extends CommonUseAuthStateReturn<SessionData> {
		/**
		* The internal response of the local-specific auth data
		*
		* @remarks
		* The returned value `refreshToken` and `rawRefreshToken` will always be `null` if `refresh.isEnabled` is `false`
		*/
		export interface UseAuthStateReturn extends CommonUseAuthStateReturn<SessionData> {
		token: ComputedRef<string \| null>;
		rawToken: CookieRef<string \| null>;
		refreshToken: ComputedRef<string \| null>;
		rawRefreshToken: CookieRef<string \| null>;
		setToken: (newToken: string \| null) => void;
		@@ -16,3 +24,3 @@ clearToken: () => void;
		}
		export declare const useAuthState: () => UseAuthStateReturn;
		export declare function useAuthState(): UseAuthStateReturn;
		export default useAuthState;

21

dist/runtime/helpers.d.ts

		import type { DeepRequired } from 'ts-essentials';
		import type { SupportedAuthProviders, AuthProviders } from './types';
		import { useRuntimeConfig } from '#imports';
		import type { ProviderAuthjs, ProviderLocal } from './types';
		import type { useRuntimeConfig } from '#imports';
		export declare const isProduction: boolean;
		export declare const getOriginAndPathnameFromURL: (url: string) => {
		export declare function getOriginAndPathnameFromURL(url: string): {
		origin: any;
		pathname: string \| undefined;
		};
		type RuntimeConfig = ReturnType<typeof useRuntimeConfig>;
		export type ProviderAuthjsResolvedConfig = DeepRequired<ProviderAuthjs>;
		export type ProviderLocalResolvedConfig = DeepRequired<ProviderLocal>;
		export declare function useTypedBackendConfig(runtimeConfig: RuntimeConfig, type: 'authjs'): ProviderAuthjsResolvedConfig;
		export declare function useTypedBackendConfig(runtimeConfig: RuntimeConfig, type: 'local'): ProviderLocalResolvedConfig;
		/**
		* Get the backend configuration from the runtime config in a typed manner.
		*
		* @param runtimeConfig The runtime config of the application
		* @param type Backend type to be enforced (e.g.: `local`,`refresh` or `authjs`)
		*/
		export declare const useTypedBackendConfig: <T extends SupportedAuthProviders>(runtimeConfig: ReturnType<typeof useRuntimeConfig>, _type: T) => Extract<DeepRequired<AuthProviders>, {
		type: T;
		}>;
		/**
		* Get a property from an object following the JSON Pointer spec.
		@@ -44,1 +40,2 @@ *
		export declare function objectFromJsonPointer(pointer: string \| string[], value: any): Record<string, any>;
		export {};

9

dist/runtime/middleware/auth.d.ts

		type MiddlewareMeta = boolean \| {
		/** Whether to only allow unauthenticated users to access this page.
		/**
		* Whether to only allow unauthenticated users to access this page.
		*
		@@ -9,3 +10,4 @@ * Authenticated users will be redirected to `/` or the route defined in `navigateAuthenticatedTo`
		unauthenticatedOnly?: boolean;
		/** Where to redirect authenticated users if `unauthenticatedOnly` is set to true
		/**
		* Where to redirect authenticated users if `unauthenticatedOnly` is set to true
		*
		@@ -15,3 +17,4 @@ * @default undefined
		navigateAuthenticatedTo?: string;
		/** Where to redirect unauthenticated users if this page is protected
		/**
		* Where to redirect unauthenticated users if this page is protected
		*
		@@ -18,0 +21,0 @@ * @default undefined

2

dist/runtime/server/plugins/assertOrigin.d.ts

		/**
		* Due to an upstream bug in Nuxt 3 we need to stub the plugin here, track: https://github.com/nuxt/nuxt/issues/18556
		* */
		*/
		import type { NitroApp } from 'nitropack';
		@@ -5,0 +5,0 @@ type NitroAppPlugin = (nitro: NitroApp) => void;

17

dist/runtime/server/services/authjs/nuxtAuthHandler.d.ts

		@@ -5,13 +5,18 @@ import type { H3Event } from 'h3';
		/** Setup the nuxt (next) auth event handler, based on the passed in options */
		export declare const NuxtAuthHandler: (nuxtAuthOptions?: AuthOptions) => import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<string \| void \| any[] \| Record<string, any>>>;
		export declare const getServerSession: (event: H3Event) => Promise<Session \| null>;
		export declare function NuxtAuthHandler(nuxtAuthOptions?: AuthOptions): import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<any>>;
		/** Gets session on server-side */
		export declare function getServerSession(event: H3Event): Promise<Session \| null>;
		/**
		* Get the decoded JWT token either from cookies or header (both are attempted).
		*
		* The only change from the original `getToken` implementation is that the `req` is not passed in, in favor of `event` being passed in. See https://next-auth.js.org/tutorials/securing-pages-and-api-routes#using-gettoken for further documentation.
		* The only change from the original `getToken` implementation is that the `req` is not passed in, in favor of `event` being passed in.
		* See https://next-auth.js.org/tutorials/securing-pages-and-api-routes#using-gettoken for further documentation.
		*
		* @param eventAndOptions Omit<GetTokenParams, 'req'> & { event: H3Event } The event to get the cookie or authorization header from that contains the JWT Token and options you want to alter token getting behavior.
		* @param eventAndOptions The event and options used to alter the token behaviour.
		* @param eventAndOptions.event The event to get the cookie or authorization header from that contains the JWT Token
		* @param eventAndOptions.secureCookie boolean to determine if the protocol is secured with https
		* @param eventAndOptions.secret A secret string used for encryption
		*/
		export declare const getToken: <R extends boolean = false>({ event, secureCookie, secret, ...rest }: Omit<GetTokenParams<R>, "req"> & {
		export declare function getToken<R extends boolean = false>({ event, secureCookie, secret, ...rest }: Omit<GetTokenParams<R>, 'req'> & {
		event: H3Event;
		}) => Promise<R extends true ? string : import("next-auth/jwt").JWT \| null>;
		}): Promise<R extends true ? string : import("next-auth/jwt").JWT \| null>;

8

dist/runtime/server/services/utils.d.ts

		@@ -1,9 +0,5 @@
		import { H3Event } from 'h3';
		import type { H3Event } from 'h3';
		/**
		* Get `origin` and fallback to `x-forwarded-host` or `host` headers if not in production.
		*/
		export declare const getServerOrigin: (event?: H3Event) => string;
		/** Get the request url or construct it */
		export declare const getRequestURLFromRequest: (event: H3Event, { trustHost }: {
		trustHost: boolean;
		}) => string \| undefined;
		export declare function getServerOrigin(event?: H3Event): string;

222

dist/runtime/types.d.ts

		@@ -1,2 +0,2 @@
		import type { Ref, ComputedRef } from 'vue';
		import type { ComputedRef, Ref } from 'vue';
		import type { RouterMethod } from 'h3';
		@@ -39,19 +39,16 @@ import type { SupportedProviders } from './composables/authjs/useAuth';
		type DataObjectArray = `${string}[]`;
		export type SessionDataObject = {
		export interface SessionDataObject {
		[key: string]: Omit<string, DataObjectPrimitives \| DataObjectArray> \| SessionDataObject;
		};
		}
		/**
		* Available `nuxt-auth` authentication providers.
		*/
		export type SupportedAuthProviders = 'authjs' \| 'local' \| 'refresh';
		export type SupportedAuthProviders = 'authjs' \| 'local';
		/**
		* Configuration for the `local`-provider.
		*/
		export type ProviderLocal = {
		export interface ProviderLocal {
		/**
		* Uses the `local` provider to facilitate authentication. Currently, two providers exclusive are supported:
		* - `authjs`: `next-auth` / `auth.js` based OAuth, Magic URL, Credential provider for non-static applications
		* - `local` or 'refresh': Username and password provider with support for static-applications
		*
		* Read more here: https://sidebase.io/nuxt-auth/v0.6/getting-started
		* Uses the `local` provider to facilitate authentication.
		* Read more here: https://auth.sidebase.io/guide/local/quick-start
		*/
		@@ -162,3 +159,4 @@ type: Extract<SupportedAuthProviders, 'local'>;
		/**
		* The cookie sameSite policy. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
		* The cookie sameSite policy.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
		*
		@@ -171,2 +169,3 @@ * @default 'lax'
		* Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.5
		*
		@@ -187,2 +186,3 @@ * @default false
		* Whether to set the httpOnly flag on the cookie.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.6
		*
		@@ -212,17 +212,14 @@ * @default false
		};
		};
		/**
		* Configuration for the `refresh`-provider an extended version of the local provider.
		*/
		export type ProviderLocalRefresh = Omit<ProviderLocal, 'type'> & {
		/**
		* Uses the `authjs` provider to facilitate authentication. Currently, two providers exclusive are supported:
		* - `authjs`: `next-auth` / `auth.js` based OAuth, Magic URL, Credential provider for non-static applications
		* - `local` or 'refresh': Username and password provider with support for static-applications
		*
		* Read more here: https://sidebase.io/nuxt-auth/v0.6/getting-started
		* Configuration for the refresh token logic of the `local` provider.
		* If set to `undefined` or set to `{ isEnabled: false }`, refresh tokens will not be used.
		*/
		type: Extract<SupportedAuthProviders, 'refresh'>;
		endpoints?: {
		refresh?: {
		/**
		* Whether the refresh logic of the local provider is active
		*
		* @default false
		*/
		isEnabled?: boolean;
		/**
		* What method and path to call to perform the sign-in. This endpoint must return a token that can be used to authenticate subsequent requests.
		@@ -232,87 +229,98 @@ *
		*/
		refresh?: {
		endpoint?: {
		path?: string;
		method?: RouterMethod;
		};
		};
		/**
		* When refreshOnlyToken is set, only the token will be refreshed
		*
		* @default true
		*/
		refreshOnlyToken?: boolean;
		refreshToken?: {
		/**
		* How to extract the authentication-token from the sign-in response.
		* When refreshOnlyToken is set to `true`, only the token will be updated when the refresh endpoint is called.
		* When refreshOnlyToken is set to `false`, the token and refreshToken will be updated when the refresh endpoint is called.
		*
		* E.g., setting this to `/refreshToken/bearer` and returning an object like `{ refreshToken: { bearer: 'THE_AUTH_TOKEN' }, timestamp: '2023' }` from the `signIn` endpoint will
		* result in `nuxt-auth` extracting and storing `THE_AUTH_TOKEN`.
		*
		* This follows the JSON Pointer standard, see its RFC6901 here: https://www.rfc-editor.org/rfc/rfc6901
		*
		* @default '/refreshToken' Access the `refreshToken` property of the sign-in response object
		* @example / Access the root of the sign-in response object, useful when your endpoint returns a plain, non-object string as the token
		* @default true
		*/
		signInResponseRefreshTokenPointer?: string;
		refreshOnlyToken?: boolean;
		/**
		* How to do a fetch for the refresh token.
		*
		* This is especially useful when you have an external backend signing tokens. Refer to this issue to get more information: https://github.com/sidebase/nuxt-auth/issues/635.
		*
		* ### Example
		* Setting this to `/refresh/token` would make Nuxt Auth send the `POST /api/auth/refresh` with the following BODY: `{ "refresh": { "token": "..." } }
		*
		* ### Notes
		* This follows the JSON Pointer standard, see its RFC6901 here: https://www.rfc-editor.org/rfc/rfc6901
		*
		* @default '/refreshToken'
		* Settings for the refresh-token that `nuxt-auth` receives from the `signIn` endpoint that is used for the `refresh` endpoint.
		*/
		refreshRequestTokenPointer?: string;
		/**
		* It refers to the name of the property when it is stored in a cookie.
		*
		* @default auth.refresh-token
		* @example auth._refresh-token
		*/
		cookieName?: string;
		/**
		* Maximum age to store the authentication token for. After the expiry time the token is automatically deleted on the application side, i.e., in the users' browser.
		*
		* Note: Your backend may reject / expire the token earlier / differently.
		*/
		maxAgeInSeconds?: number;
		/**
		* Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
		*
		* @default false
		* @example true
		*/
		secureCookieAttribute?: boolean;
		/**
		* The cookie domain.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
		*
		* @default ''
		* @example 'sidebase.io'
		*/
		cookieDomain?: string;
		/**
		* Whether to set the httpOnly flag on the cookie.
		*
		* @default false
		* @example true
		*/
		httpOnlyCookieAttribute?: boolean;
		token?: {
		/**
		* How to extract the authentication-token from the sign-in response.
		*
		* E.g., setting this to `/refreshToken/bearer` and returning an object like `{ refreshToken: { bearer: 'THE_AUTH_TOKEN' }, timestamp: '2023' }` from the `signIn` endpoint will
		* result in `nuxt-auth` extracting and storing `THE_AUTH_TOKEN`.
		*
		* This follows the JSON Pointer standard, see its RFC6901 here: https://www.rfc-editor.org/rfc/rfc6901
		*
		* @default '/refreshToken' Access the `refreshToken` property of the sign-in response object
		* @example / Access the root of the sign-in response object, useful when your endpoint returns a plain, non-object string as the token
		*/
		signInResponseRefreshTokenPointer?: string;
		/**
		* How to do a fetch for the refresh token.
		*
		* This is especially useful when you have an external backend signing tokens. Refer to this issue to get more information: https://github.com/sidebase/nuxt-auth/issues/635.
		*
		* ### Example
		* Setting this to `/refresh/token` would make Nuxt Auth send the `POST /api/auth/refresh` with the following BODY: `{ "refresh": { "token": "..." } }
		*
		* ### Notes
		* This follows the JSON Pointer standard, see its RFC6901 here: https://www.rfc-editor.org/rfc/rfc6901
		*
		* @default '/refreshToken'
		*/
		refreshRequestTokenPointer?: string;
		/**
		* It refers to the name of the property when it is stored in a cookie.
		*
		* @default 'auth.refresh-token'
		* @example 'auth._refresh-token'
		*/
		cookieName?: string;
		/**
		* Maximum age to store the authentication token for. After the expiry time the token is automatically deleted on the application side, i.e., in the users' browser.
		*
		* Note: Your backend may reject / expire the token earlier / differently.
		*/
		maxAgeInSeconds?: number;
		/**
		* The cookie sameSite policy.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
		*
		* @default 'lax'
		* @example 'strict'
		*/
		sameSiteAttribute?: boolean \| 'lax' \| 'strict' \| 'none' \| undefined;
		/**
		* Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.5
		*
		* @default false
		* @example true
		*/
		secureCookieAttribute?: boolean;
		/**
		* The cookie domain.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
		*
		* @default ''
		* @example 'sidebase.io'
		*/
		cookieDomain?: string;
		/**
		* Whether to set the httpOnly flag on the cookie.
		* See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.6
		*
		* @default false
		* @example true
		*/
		httpOnlyCookieAttribute?: boolean;
		};
		};
		};
		}
		/**
		* Configuration for the `authjs`-provider.
		*/
		export type ProviderAuthjs = {
		export interface ProviderAuthjs {
		/**
		* Uses the `authjs` provider to facilitate autnetication. Currently, two providers exclusive are supported:
		* - `authjs`: `next-auth` / `auth.js` based OAuth, Magic URL, Credential provider for non-static applications
		* - `local` or `refresh`: Username and password provider with support for static-applications
		*
		* Read more here: https://sidebase.io/nuxt-auth/v0.6/getting-started
		* Uses the `authjs` provider to facilitate authentication.
		* Read more here: https://auth.sidebase.io/guide/authjs/quick-start
		*/
		@@ -341,4 +349,4 @@ type: Extract<SupportedAuthProviders, 'authjs'>;
		addDefaultCallbackUrl?: boolean \| string;
		};
		export type AuthProviders = ProviderAuthjs \| ProviderLocal \| ProviderLocalRefresh;
		}
		export type AuthProviders = ProviderAuthjs \| ProviderLocal;
		export interface RefreshHandler {
		@@ -349,7 +357,7 @@ /**
		*/
		init(): void;
		init: () => void;
		/**
		* Handles cleanup of the refresh handler. Will be called on `unmount` app hook.
		*/
		destroy(): void;
		destroy: () => void;
		}
		@@ -497,3 +505,3 @@ export interface DefaultRefreshHandlerConfig {
		getSession: GetSession;
		refresh(): Promise<unknown>;
		refresh: () => Promise<unknown>;
		}
		@@ -517,3 +525,4 @@ export interface CommonUseAuthStateReturn<SessionData> {
		callbackUrl?: string;
		/** Whether to redirect users after the method succeeded.
		/**
		* Whether to redirect users after the method succeeded.
		*
		@@ -523,3 +532,4 @@ * @default true
		redirect?: boolean;
		/** Is this callback URL an external one. Setting this to true, allows you to redirect to external urls, however a hard refresh will be done.
		/**
		* Is this callback URL an external one. Setting this to true, allows you to redirect to external urls, however a hard refresh will be done.
		*
		@@ -531,3 +541,4 @@ * @default false
		export interface SignUpOptions extends SecondarySignInOptions {
		/** Prevent the signIn flow during registration
		/**
		* Prevent the signIn flow during registration
		*
		@@ -548,3 +559,4 @@ * @default false
		onUnauthenticated?: () => void;
		/** Whether to refetch the session even if the token returned by useAuthState is null.
		/**
		* Whether to refetch the session even if the token returned by useAuthState is null.
		*
		@@ -556,3 +568,2 @@ * @default false
		export type SignOutFunc = (options?: SignOutOptions) => Promise<any>;
		export type GetSessionFunc<SessionData> = (getSessionOptions?: GetSessionOptions) => Promise<SessionData>;
		export type SignInFunc<PrimarySignInOptions, SignInResult> = (primaryOptions: PrimarySignInOptions, signInOptions?: SecondarySignInOptions, paramsOptions?: Record<string, string>) => Promise<SignInResult>;
		@@ -564,2 +575,3 @@ export interface ModuleOptionsNormalized extends ModuleOptions {
		globalAppMiddleware: NonNullable<ModuleOptions['globalAppMiddleware']>;
		originEnvKey: string;
		computed: {
		@@ -566,0 +578,0 @@ origin: string \| undefined;

4

dist/runtime/utils/fetch.d.ts

		@@ -1,2 +0,2 @@
		import { useNuxtApp } from '#imports';
		export declare const _fetch: <T>(nuxt: ReturnType<typeof useNuxtApp>, path: string, fetchOptions?: Parameters<typeof $fetch>[1]) => Promise<T>;
		import type { useNuxtApp } from '#imports';
		export declare function _fetch<T>(nuxt: ReturnType<typeof useNuxtApp>, path: string, fetchOptions?: Parameters<typeof $fetch>[1]): Promise<T>;

6

dist/runtime/utils/kit.d.ts

		@@ -1,6 +0,6 @@
		import { type RouteOptions } from '../types';
		import type { RouteOptions } from '../types';
		/**
		* Removes query params from url path.
		*/
		export declare const withoutQuery: (path: string) => string;
		export declare function withoutQuery(path: string): string;
		/**
		@@ -11,2 +11,2 @@ * Creates a route matcher using the user's paths.
		*/
		export declare const getNitroRouteRules: (path: string) => Partial<RouteOptions>;
		export declare function getNitroRouteRules(path: string): Partial<RouteOptions>;

3

dist/runtime/utils/local.d.ts

		@@ -1,1 +0,2 @@
		export declare const formatToken: (token: string \| null) => string \| null;
		import type { ProviderLocalResolvedConfig } from '../helpers';
		export declare function formatToken(token: string \| null \| undefined, config: ProviderLocalResolvedConfig): string \| null;

2

dist/runtime/utils/refreshHandler.d.ts

		@@ -1,2 +0,2 @@
		import type { DefaultRefreshHandlerConfig, RefreshHandler, ModuleOptionsNormalized } from '../types';
		import type { DefaultRefreshHandlerConfig, ModuleOptionsNormalized, RefreshHandler } from '../types';
		import { useAuth } from '#imports';
		@@ -3,0 +3,0 @@ export declare class DefaultRefreshHandler implements RefreshHandler {

4

dist/runtime/utils/url.d.ts

		@@ -16,3 +16,3 @@ import type { ModuleOptionsNormalized } from '../types';
		*/
		export declare const navigateToAuthPages: (href: string) => any;
		export declare function navigateToAuthPages(href: string): any;
		/**
		@@ -26,2 +26,2 @@ * Determins the desired callback url based on the users desires. Either:
		*/
		export declare const determineCallbackUrl: <T extends string \| Promise<string>>(authConfig: ModuleOptionsNormalized, getOriginalTargetPath: () => T) => T \| string \| undefined;
		export declare function determineCallbackUrl<T extends string \| Promise<string>>(authConfig: ModuleOptionsNormalized, getOriginalTargetPath: () => T): T \| string \| undefined;

23

package.json

		{
		"name": "@sidebase/nuxt-auth",
		"version": "0.8.2",
		"version": "0.9.0",
		"license": "MIT",
		"type": "module",
		"description": "Authentication built for Nuxt 3! Easily add authentication via OAuth providers, credentials or Email Magic URLs!",
		"homepage": "https://auth.sidebase.io",
		"repository": {
		"type": "git",
		"url": "https://github.com/sidebase/nuxt-auth"
		},
		"engines": {
		"pnpm": ">=9.4.0",
		"node": ">=22.3.0"
		"node": ">=20"
		},
		@@ -36,2 +42,3 @@ "exports": {
		"devDependencies": {
		"@antfu/eslint-config": "^2.25.0",
		"@nuxt/module-builder": "^0.5.5",
		@@ -44,2 +51,3 @@ "@nuxt/schema": "^3.12.4",
		"ofetch": "^1.3.4",
		"oxlint": "^0.7.0",
		"ts-essentials": "^9.4.2",
		@@ -50,13 +58,6 @@ "typescript": "^5.5.4",
		},
		"overrides": {
		"@nuxt/kit": {
		"json5": ">=2.2.2"
		},
		"@nuxtjs/eslint-config-typescript": {
		"json5": ">=1.0.2"
		}
		},
		"scripts": {
		"build": "nuxi build",
		"lint": "eslint . --max-warnings=0",
		"lint": "oxlint --deny-warnings -D correctness -D suspicious -D perf && eslint . --max-warnings=0",
		"lint:fix": "eslint . --max-warnings=0 --fix",
		"clean": "rm -rf playground-authjs/.nuxt playground-local/.nuxt playground-refresh/.nuxt dist .nuxt",
		@@ -63,0 +64,0 @@ "typecheck": "nuxi prepare playground-local && tsc --noEmit",

14

README.md

		@@ -41,3 +41,3 @@ ![@sidebase/nuxt-auth banner](.github/nuxt-auth.jpg)
		<summary>Or install manually</summary>


		#### 1. Install the package as a dev dependency
		@@ -57,3 +57,3 @@
		export default defineNuxtConfig({
		modules: ['@sidebase/nuxt-auth']
		modules: ['@sidebase/nuxt-auth']
		})
		@@ -69,4 +69,3 @@ ```
		- [`authjs`](https://auth.sidebase.io/guide/authjs/quick-start): for non-static apps that want to use [Auth.js / NextAuth.js](https://github.com/nextauthjs/next-auth) to offer the reliability & convenience of a 23k star library to the Nuxt 3 ecosystem with a native developer experience (DX)
		- [`local`](https://auth.sidebase.io/guide/local/quick-start): for static pages that rely on an external backend with a credential flow for authentication.
		- [`refresh`](https://auth.sidebase.io/guide/local/quick-start#refresh-token): for static pages that rely on an external backend with a credential flow and refresh tokens for authentication.
		- [`local`](https://auth.sidebase.io/guide/local/quick-start): for static pages that rely on an external backend with a credential flow for authentication. The Local Provider also supports refresh tokens since `v0.9.0`. Read more [here](https://auth.sidebase.io/upgrade/version-0.9.0).

		@@ -86,3 +85,3 @@ You can find a full list of our features, as well as which provider supports each feature [on our docs](https://auth.sidebase.io/guide/getting-started/choose-provider).

		### Application protection
		### Application protection
		- Application-side middleware protection for the [full application](https://auth.sidebase.io/guide/application-side/protecting-pages#global-middleware) or [specific pages](https://auth.sidebase.io/guide/application-side/protecting-pages#local-middleware)
		@@ -149,3 +148,2 @@ - Server-side [middleware](https://auth.sidebase.io/guide/authjs/server-side/session-access#server-middleware) and [endpoint protection](https://auth.sidebase.io/guide/authjs/server-side/session-access#endpoint-protection)
		- [`local`](./playground-local)
		- [`refresh`](./playground-refresh)

		@@ -170,6 +168,6 @@ ##### How to test static Nuxt 3 apps?

		# A second Nuxt app should now be running on http://localhost:3001.
		# A second Nuxt app should now be running on http://localhost:3001.
		# We use this purely for authentication
		```
		4. Visit [http://localhost:3000](http://localhost:3000) -> this should open the static application. Performing any auth-related actions, the app should send requests to the backend running on port `3001`
		4. Visit [http://localhost:3000](http://localhost:3000) -> this should open the static application. Performing any auth-related actions, the app should send requests to the backend running on port `3001`

		@@ -176,0 +174,0 @@ ## Contributing

dist/runtime/composables/refresh/useAuth.d.ts

dist/runtime/composables/refresh/useAuth.mjs

dist/runtime/composables/refresh/useAuthState.d.ts

dist/runtime/composables/refresh/useAuthState.mjs

dist/module.d.mts