Cookie only authentication seems to be broken #1256

@paqtcom-arlon

Version

module: 5.0.0-1624817847.21691f1
nuxt: 2.15.7

Nuxt configuration

mode:

  • universal
  • spa

Nuxt configuration

  auth: {
    redirect: {
      login: '/',
      logout: '/',
      home: '/home'
    },
    strategies: {
      session: {
        token: {
          prefix: 'APP_NAME_',
          required: false,
          type: false
        },
        provider: 'laravel/sanctum',
        url: process.env.BACKEND_URL,
        endpoints: {
          login: { url: '/login' },
          logout: { url: '/logout' },
          user: { url: '/api/auth/user' },
        },
        user: {
          property: 'data'
        },
        redirect: {
          home: "/home",
        },
      },
    },
    localStorage: false,
    cookie: {
      prefix: ''
    }
  },

Reproduction

The provided example does not work with LaravelSanctum at all at this moment. Retrieving a 502 on https://laravel-auth.nuxtjs.app/

What is expected?

When token.required is disabled, it would be expected to completely skip token based checking, as specified by the docs.

What is actually happening?

The token check is always done for the Cookie scheme, thereby not supporting / checking cookie-only flows.

  if (!super.check().valid) {

This causes the application to not consider the user logged in, while they clearly are. When a login is triggered, LaravelSanctum will return a 302, which would try to redirect the user to the backend.

Steps to reproduce

  • Start a simple LaravelSanctum project with everything set to cookie/session based authentication
  • Use the provided NuxtJS Auth module configuration
  • Log in to the backend through a small backdoor (a simple Auth::login(User::first()) would be enough)
  • Go to the nuxt application and see that the person is not considered logged in
  • When you try to login see that the backend returns a 302

Additional information

Checklist

  • I have tested with the latest Nuxt version and the issue still occurs
  • I have tested with the latest module version and the issue still occurs
  • I have searched the issue tracker and this issue hasn't been reported yet

What is actually happening?

I think cookie-only authentication has been broken since the following commit. Before, it would skip the retrieval of the token if it was not required, which would then return a positive auth to the schemes above (like the CookieScheme), which would then continue with their way of authenticating.
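
A simplified model of the layered check described in this issue, added here as an example; it is not part of the original report and not the module's source. The class names, the `strict` flag and the cookie name `app_session` are assumptions made for illustration.

```javascript
// Hypothetical model: a token-based parent scheme and a cookie scheme that
// calls super.check() first, as in the line quoted in the issue.
class TokenSchemeModel {
  constructor(options, storage) {
    this.options = options;
    this.storage = storage; // stands in for wherever a token would be kept
  }
  // strict = true  models the reported behaviour (a token is always demanded)
  // strict = false models the expected behaviour (token.required is honoured)
  check(strict) {
    if (!strict && this.options.token.required === false) {
      return { valid: true, tokenChecked: false };
    }
    return { valid: Boolean(this.storage.token), tokenChecked: true };
  }
}

class CookieSchemeModel extends TokenSchemeModel {
  constructor(options, storage, cookies) {
    super(options, storage);
    this.cookies = cookies; // constructed sample cookie jar
  }
  check(strict) {
    if (!super.check(strict).valid) {
      return { valid: false, reason: 'token check failed' };
    }
    // Skipping the token check must not mean "authenticated":
    // the session cookie remains the gate in a cookie-only flow.
    const name = this.options.cookie.name;
    if (name && !(name in this.cookies)) {
      return { valid: false, reason: 'session cookie missing' };
    }
    return { valid: true, reason: 'cookie session accepted' };
  }
}

// Constructed inputs: no token stored, token.required disabled.
const options = { token: { required: false }, cookie: { name: 'app_session' } };

function checkWith(cookies, strict) {
  return new CookieSchemeModel(options, {}, cookies).check(strict);
}

console.log(checkWith({ app_session: 'constructed-value' }, true));
console.log(checkWith({ app_session: 'constructed-value' }, false));
console.log(checkWith({}, false));
```

The three cases double as a regression test: a valid session cookie without a token must pass, and a missing session cookie must still fail when the token check is skipped.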
