Description
Environment
- bun v1.2.5
- Operating System: Windows_NT
- Node Version: v22.14.0
- Nuxt Version: 3.16.0
- CLI Version: 3.23.0
- Nitro Version: 2.11.6
- Package Manager: [email protected]
- Builder: -
- User Config: compatibilityDate, devtools, css, ssr, devServer, plugins, vite, typescript, modules, primevue, postcss, nitro, runtimeConfig, auth
- Runtime Modules: @nuxt/[email protected], @nuxt/[email protected], @nuxt/[email protected], @nuxt/[email protected], @nuxt/[email protected], @primevue/[email protected], @sidebase/[email protected]
- Build Modules: -
Reproduction
```ts
// https://nuxt.com/docs/api/configuration/nuxt-config
import Aura from '@primeuix/themes/aura'

export default defineNuxtConfig({
  compatibilityDate: '2024-11-01',
  devtools: { enabled: true },
  css: ["@/assets/css/tailwind.css", "@/assets/css/main.css", "primeicons/primeicons.css"],
  ssr: false,
  devServer: {
    host: process.env.NUXT_PUBLIC_TAURI_DEV_HOST || 'localhost'
  },
  plugins: [
  ],
  vite: {
    // Better support for Tauri CLI output
    clearScreen: false,
    // Enable environment variables
    // Additional environment variables can be found at
    // https://v2.tauri.app/reference/environment-variables/
    envPrefix: ['VITE_', 'TAURI_'],
    server: {
      // Tauri requires a consistent port
      strictPort: true,
    },
  },
  typescript: {
    tsConfig: {
      include: [
        'types/**/*',
        'composables/**/*'
      ],
      compilerOptions: {
        module: 'esnext',
      },
    },
  },
  modules: [
    '@nuxt/eslint',
    '@nuxt/fonts',
    '@nuxt/icon',
    '@nuxt/image',
    '@nuxt/test-utils',
    "@primevue/nuxt-module",
    '@sidebase/nuxt-auth',
  ],
  primevue: {
    options: {
      theme: {
        preset: Aura
      }
    }
  },
  postcss: {
    plugins: {
      "postcss-import": {},
      '@tailwindcss/postcss': {},
      // tailwindcss: {},
      autoprefixer: {},
    },
  },
  nitro: {
    routeRules: {
      '/api/**': {
        proxy: {
          to: `${process.env.NUXT_PUBLIC_BASE_URL || 'http://localhost:8080'}/**`,
        },
      },
    },
  },
  runtimeConfig: {
    public: {
      baseUrl: '',
      origin: ''
    }
  },
  auth: {
    origin: process.env.NUXT_PUBLIC_ORIGIN,
    originEnvKey: 'NUXT_PUBLIC_ORIGIN',
    baseURL: process.env.NUXT_PUBLIC_BASE_URL,
    provider: {
      type: 'local',
      endpoints: {
        signIn: {
          path: '/users/login',
          method: 'post'
        },
        signOut: {
          path: '/users/logout',
          method: 'post'
        },
        getSession: {
          path: '/users/profile',
          method: 'get'
        }
      },
      token: {
        signInResponseTokenPointer: '/access_token',
        type: 'Bearer',
        headerName: 'Authorization',
        maxAgeInSeconds: 3600,
        cookieName: 'auth.token',
      },
      refresh: {
        isEnabled: true,
        endpoint: {
          path: '/users/refresh_token',
          method: 'post'
        },
        refreshOnlyToken: false,
        token: {
          maxAgeInSeconds: 60 * 60 * 24 * 30, // 30 days
          signInResponseRefreshTokenPointer: '/refresh_token',
          refreshResponseTokenPointer: '/access_token',
          refreshResponseRefreshTokenPointer: '/refresh_token',
          cookieName: 'auth.refresh-token',
          // cookieName: 'RefreshToken',
          refreshRequestTokenPointer: '/refresh_token',
          headerName: 'RefreshToken',
        }
      },
      pages: {
        login: '/sign-in'
      }
    }
  }
})
```
login function
```ts
const login = async () => {
  if (!validateEmail()) return
  try {
    const { signIn } = useAuth()
    await signIn({
      email: email.value,
      password: password.value,
    })
    navigateTo('/user')
  } catch (error) {
    console.log(error);
  }
}
```
user page
```vue
<template>
  <div class="container mx-auto p-4 max-w-md">
    <h1 class="text-2xl font-bold mb-6">User Profile</h1>
    <button
      class="w-full bg-red-500 hover:bg-red-600 text-white py-2 px-4 rounded transition"
      @click="logout"
    >
      Logout
    </button>
  </div>
</template>

<script setup>
definePageMeta({
  // middleware: 'auth'
  middleware: 'sidebase-auth'
})

// signOut comes from the useAuth() composable (auto-imported by @sidebase/nuxt-auth)
const { signOut } = useAuth()

const logout = async () => {
  // Sign out without the module's own redirect, then go to the login page
  await signOut({ redirect: false })
  navigateTo('/sign-in')
}
</script>
```
Describe the bug
Problem Description
I'm experiencing an issue with Nuxt Auth (sidebase) where it's making excessive refresh token requests. I want the system to only request a new refresh token when the access token is about to expire or has expired, but currently it's making continuous requests regardless of token status.
Specific Issues:
- Post-Login Refresh Requests: After a successful login where I already receive both access and refresh tokens, the system immediately starts making refresh token requests even though the access token is still valid.
- Continuous Refresh Cycle: After a successful refresh token request where the tokens are properly updated in cookies, the system continues to make more refresh token requests in rapid succession, creating an endless cycle.
These excessive requests are causing problems with my backend, including token revocation due to too many requests.
Expected Behavior
The system should:
- Only attempt to refresh tokens when the access token is about to expire (e.g., within 5 minutes of expiration)
- Not make refresh requests immediately after login
- Not make continuous refresh requests after a successful refresh
Question
How can I configure Nuxt Auth to only refresh tokens when the access token is about to expire? Is there a built-in way to control the refresh timing, or do I need to implement a custom solution?
All of the following images were captured during the sign-in process with email and password.
Access and refresh tokens in the response at login:
https://ibb.co/dw30HGwM
After that, Nuxt Auth continues to send refresh token requests. In reality, this should trigger a "not before" error, but I have disabled the "not before" check for debugging purposes. The access token and refresh token in the image have been verified to be correctly saved in the cookies.
https://ibb.co/MxY9yMX5
After that, Nuxt Auth still doesn't stop sending refresh token requests, continuing to fire them repeatedly in an infinite loop. All of these requests result in errors because they are sent too frequently, causing the tokens to be revoked.
https://ibb.co/qM5s7gS1
Additional context
No response
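
A client-side gate matching the expected behaviour listed in this issue, as an added example that is not part of the original report and not nuxt-auth's own code: it refreshes only inside a 5-minute window before `exp` and collapses concurrent callers into one request, so a rotating refresh token is never presented twice. It assumes the access token is a JWT with a numeric `exp` claim and runs on Node (`Buffer`); `readExp`, `shouldRefresh`, `createRefreshGate` and `makeSampleJwt` are hypothetical names.

```javascript
// Added example: refresh gate for a JWT access token (not nuxt-auth code).
// Assumption: the access token is a JWT whose payload has a numeric `exp`.
const REFRESH_LEEWAY_SECONDS = 5 * 60; // "within 5 minutes of expiration"

// Read `exp` from the payload. No signature check: the value only drives
// client-side scheduling, never an authorization decision.
function readExp(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    return Number.isFinite(payload.exp) ? payload.exp : null;
  } catch {
    return null;
  }
}

// True only when the token is inside the leeway window or already expired.
function shouldRefresh(jwt, nowSeconds, leeway = REFRESH_LEEWAY_SECONDS) {
  const exp = readExp(jwt);
  if (exp === null) return true; // unreadable token: treat as expired
  return exp - nowSeconds <= leeway;
}

// Single-flight wrapper: concurrent callers share one in-flight refresh, so
// the backend sees one request per expiry instead of a burst.
function createRefreshGate(doRefresh, now = () => Math.floor(Date.now() / 1000)) {
  let inFlight = null;
  return async function getToken(currentToken) {
    if (!shouldRefresh(currentToken, now())) return currentToken;
    if (!inFlight) {
      inFlight = Promise.resolve()
        .then(doRefresh)
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  };
}

// Constructed sample token (unsigned, for demonstration only).
function makeSampleJwt(exp) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc({ sub: 'demo', exp })}.sig`;
}
```

`doRefresh` is whatever function performs the POST to the refresh endpoint and resolves to the new access token.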