Releases

Please see status page in documentation.

Bug Fixes

• oauth2: use normalized path for callback route check (#587) (ffda6b0)

Docs

• auth: add setUser documentation (#565)
• local: update autoFetchUser description (#565)
• setup: added link on how to activate vuex store (#617)
• oauth2: fix broken link (#609)
• options: fix typo in callback paragraph (#582)
• demo: fix data object property (#580)
• fix typo in links (#553)
• remove await from setUser example (#569)

Features

• core: return response from loginWith (#541) (7e4f1ed), closes #144 #411 #249
• local scheme: add autoFetchUser option (#543) (344920c)

Bug Fixes

• clear tokens when calling $auth.reset() (#544) (ab75ebc), closes #172
• fix setUserToken issues (#528) (02d14ac), closes #278
• remove the trailing slash of paths in isSameURL (#542) (fb63f6f)
• module: don't log fatal error when vuex is disabled (#518) (59831fb)

...We have good news for next releases stay tuned!

Bug Fixes

• core: always return boolean form hasScope (a2da3a4)
• core: support querystring only url for isRelativeURL (#492) (09d81ea)
• module: always transpile nanoid dependency (used for oauth2) for IE11 support (8ef5a9b), closes #472

Bug Fixes

• oauth2: restore callback handling on static sites (#453) (06165a0)

Bug Fixes

• core: set loggedIn after user (#449) (458d60b)

Bug Fixes

• Move body-parser to dependencies (#441) (@nzakas)

Bug Fixes

• utilities: avoid send xxx=undefined in query (#387) (7c79fd4)(@bluelovers)
• core: regression from #385 when callback is set to false (#391) (4605681)(@studnitz)
• oauth2: correctly handle callback with hash (#394) (9cf304f)(@mmachatschek)

Bug Fixes

• don't redirect to login page if in guest mode (#385) (3ee609d) (@studnitz)

Features

• oauth2: support server-side callback (#381) (af550d4)(@atinux)

Before:

After:

Features

• oauth2: support access_type=offline to enable refresh tokens from google (#303) (9553f5c) (@elson)

Docs

• add logout info about auth0 (#378) (@bcnzer)

Bug Fixes

• set-cookie header contains undefined value (#372) (323346e) (@Yama-Tomo)

Bug Fixes

• fix typo in serializedCookie (648fdc9) (thanks to @Sheby)

Bug Fixes

• server side Set-Cookie always set an array. (#367) (4d3feff)

Improvements

• module: warn if default strategy is not valid (#365) (@motia)

Bug Fixes

• storage: accept expires as a number for cookie (dd92ec8)

Bug Fixes

• Add audience to requests (#222, #239) (@kazazes)
• Set extended for body-parser urlencoded to prevent the deprecation warning (#199) (@tobyryuk)
• Remove trailing slash from redirect paths (#235) (@sghgh1996)
• Handle mounted errors during init (#234) (@gotoin)
• Prevent loggedIn being incorrectly set to true (#346) (@glennjacobs, @alexbonhomme, @t-matsu-j)
• Replace deprecated process.browser with process.client (#269) (@sschadwick)
• Preserve query params when redirecting (#193) (@mathieutu)

New Features

• Add resetOnError (#197) (@ishitatsuyuki)
• Add setUserToken (#278) (@dgwight)
• Use strategy tokenName for requestWith (#301) (@terion-name, @farnabaz)
• Support passing extra query params (#358) (@rchl)
• Generate nounce for id_token response type (#298) (@jefer590)
• Add guest option in auth middleware (#264) (@ricardogobbosouza)
• Accept state and nonce as login args (e5579e9)
• Support onRedirect hook (#185) (@paulgv)
• Improve storage and support server-set cookies (#360) (huge thanks to @MathiasCiarlo)

Docs

Thanks to @3vilArthas, @af12066, @ansidev, @aretw0, @chettapong, @drewjbartlett, @f213, @farnabaz, @jahangirahmad, @LeCoupa, @NinthAutumn, @PJLindsay, @potato4d, @rodgarcia, @sgarner, @shadowlion, @sobolevn, @timmyg, @tomsaleeba for contributing to the docs :heart:

4.5.1 (2018-05-21)

Bug Fixes

• module: allow watchLoggedIn (471d59f)

4.5.0 (2018-05-21)

Bug Fixes

• auth: start watching loggedIn state after current strategy is fully mounted (#80) (2497cc0)
• docs: add comma following _scheme value (#189) (d993e01)

Features

• add watchLoggedIn option to optionally disable it (#80) (16a7904)

4.4.0 (2018-05-18)

Bug Fixes

• storage: use false value for unsetting token/user (#160) (0450b57), closes nuxt-community/auth-module#133

Features

• oauth2: set axios token (#175) (6206803)

Reverts

• revert #158 due to conflicts (2afe9ca)

4.2.1 (2018-04-27)

Bug Fixes

• storage cookie get on client side (#153) (8275e60)
• watch loggedIn: disable redirect on direct page loads (#158) (0386eb9)

4.3.0 (2018-04-28)

Bug Fixes

• github provider (#159) (8b1819f)

Features

• laravel passport provider (#157) (9b09459)

4.2.0 (2018-04-20)

Bug Fixes

• add check for req object on getCookie (#132) (7d17f75)
• don't redirect callback to login when using 'auth' globally (#131) (08d86cb)
• docs: update redirect in options.md (#146) (19de22b)
• fullPathRedirect with query support (#149) (a37d599)
• logout locally before logging in. fixes #136. (#151) (b6cfad4)

Features

• oauth2: support authorization code grant and refresh token (#145) (18ecca5)
• add support for custom token key in request header (#152) (f7576e3)

4.1.0 (2018-04-09)

Features

• scheme/oauth2: add option to use IdToken instead of AccessToken (#121) (554a042)
• add support for logging out without an API endpoint (#124) (6189c6d)

Bug Fixes

• local-scheme-token: avoid token type duplicata on Axios requests (3908563)
• local-scheme-token: removed token type from axios setToken (c64e7f1), closes #113
• scheme-resolution: fix problem with backslashes in path to schemes on windows (77161b8)
• no token exception when tokenRequired is set to false (#118) (56265a7)

Thanks for your patience and feedback that made this possible. 💖

We are going back to the standard release cycles.

Please see New Docs, Examples and Migration Guide for getting started.

Bug Fixes

• clear axios token after logout (#84) (be65f09)
• Typo in README.md (1ec0882)
• use getToken (bec8518)
• wrong axios ordering in windows platform. (#56) (44db0d4)
• auth: return promise reject on request error (f2883c6)
• fetchUser: fetchUser should only be called when enabled (dd0638e)
• fetchUser: fetchUser should only be called when enabled (#60) (beb3121)
• module: remove duplicate strategy options (2e167f8)

Features

• add auth0-js scheme (c38a1e4)
• package: add client-oauth2 (e0efa60)
• redirect: add full path redirect option (#96) (ca8785f)
• allow extending auth with plugins (#98) (3712a60)
• allow providers params to be overloaded from nuxt.config.js (#77) (8542959)
• handle invalid strategy (f079ae2)
• loginWith function (2aed448)
• test: add custom _provider and _scheme for basic fixture (7423e77)
• use consola for cli messages (1db2b2e)
• user and loggedIn shortcuts (13a5eec)

Performance Improvements

• module: optimize plugin (b7998c6)

changes

• plugin and init logic refactored. Any unhandled error will be caught now. This helps to prevent application crashing with auth module. (b58ca17)
• resetOnError is set to false by default. Previously any network error was causing user log out! We are working on better oauth token reset methods.
• fix scope checks during logout (e2ebd97)

Bug Fixes

• Auth: register vuex store before all watchers (006650f)

4.0.0-rc.1 (2018-02-03)

Bug Fixes

• deps: update dependencies (5d6cb8a)
• watcher: close #52 and undefined bug (2a03f2f)

Features

• watchState and watchLoggedIn (b628455), closes #52

This is an almost rewrite of Auth module, to improve perf, stability and make it more customizable.

Highlights:

• auth and no-auth middleware unified to a smarter auth middleware.
• isLoggedIn will be automatically watched for changes and changing route on login/logout.
• Replaced auth store in the flavor of a new Auth class.
• $auth instance is shared across Nuxt context (plugins, middleware, pages, etc).
• Options simplified
• The token is no longer exposed in server response (As a Set-Cookie header or window.nuxt.state) for security reasons.
• Error handling is now unified and is pluggable using $auth.onError.
• No more duplicate requests to user endpoint.
• Token/User extraction is easily possible using entrypoint.propertyName. It supports nested values like token.AccessToken or even more complicated ones including arrays like devices.0.token.
• A new hasScope utility to easily check permissions.
• Docs updated
• A fully working JWT example is added. Source Code. Deployed version.

Please be sure to read both Docs and Migration guide

---

Thanks:

• @breakingrobot - New collaborator - He helped with many ideas in this release
• @heww for early testing