🚧 v5 12/7/2020

Please see the status page in the documentation.

v4.9.1 4/16/2020

Bug Fixes

  • oauth2: use normalized path for callback route check (#587) (ffda6b0)


  • auth: add setUser documentation (#565)
  • local: update autoFetchUser description (#565)
  • setup: added link on how to activate vuex store (#617)
  • oauth2: fix broken link (#609)
  • options: fix typo in callback paragraph (#582)
  • demo: fix data object property (#580)
  • fix typo in links (#553)
  • remove await from setUser example (#569)

v4.9.0 3/15/2020


Bug Fixes

...We have good news for the next releases. Stay tuned!

v4.8.5 12/27/2019

Bug Fixes

  • core: always return boolean from hasScope (a2da3a4)
  • core: support querystring only url for isRelativeURL (#492) (09d81ea)
  • module: always transpile nanoid dependency (used for oauth2) for IE11 support (8ef5a9b), closes #472

v4.8.4 9/12/2019

Bug Fixes

  • oauth2: restore callback handling on static sites (#453) (06165a0)

v4.8.3 9/10/2019

Bug Fixes

v4.8.2 9/5/2019

Bug Fixes

  • Move body-parser to dependencies (#441) (@nzakas)

v4.8.1 6/24/2019

Bug Fixes

  • utilities: avoid sending xxx=undefined in query (#387) (7c79fd4) (@bluelovers)
  • core: regression from #385 when callback is set to false (#391) (4605681) (@studnitz)
  • oauth2: correctly handle callback with hash (#394) (9cf304f) (@mmachatschek)

v4.8.0 6/23/2019

Bug Fixes

  • don't redirect to login page if in guest mode (#385) (3ee609d) (@studnitz)


  • oauth2: support server-side callback (#381) (af550d4) (@atinux)





v4.7.0 6/13/2019


  • oauth2: support access_type=offline to enable refresh tokens from google (#303) (9553f5c) (@elson)


  • add logout info about auth0 (#378) (@bcnzer)

v4.6.6 6/5/2019

Bug Fixes

  • set-cookie header contains undefined value (#372) (323346e) (@Yama-Tomo)

v4.6.5 6/3/2019

Bug Fixes

  • fix typo in serializedCookie (648fdc9) (thanks to @Sheby)

v4.6.4 6/3/2019

Bug Fixes

  • server side Set-Cookie always set an array. (#367) (4d3feff)

v4.6.3 5/31/2019


  • module: warn if default strategy is not valid (#365) (@motia)

v4.6.1 5/31/2019

Bug Fixes

  • storage: accept expires as a number for cookie (dd92ec8)

v4.6.0 5/30/2019

Bug Fixes

  • Add audience to requests (#222, #239) (@kazazes)
  • Set extended for body-parser urlencoded to prevent the deprecation warning (#199) (@tobyryuk)
  • Remove trailing slash from redirect paths (#235) (@sghgh1996)
  • Handle mounted errors during init (#234) (@gotoin)
  • Prevent loggedIn being incorrectly set to true (#346) (@glennjacobs, @alexbonhomme, @t-matsu-j)
  • Replace deprecated process.browser with process.client (#269) (@sschadwick)
  • Preserve query params when redirecting (#193) (@mathieutu)

New Features

  • Add resetOnError (#197) (@ishitatsuyuki)
  • Add setUserToken (#278) (@dgwight)
  • Use strategy tokenName for requestWith (#301) (@terion-name, @farnabaz)
  • Support passing extra query params (#358) (@rchl)
  • Generate nonce for id_token response type (#298) (@jefer590)
  • Add guest option in auth middleware (#264) (@ricardogobbosouza)
  • Accept state and nonce as login args (e5579e9)
  • Support onRedirect hook (#185) (@paulgv)
  • Improve storage and support server-set cookies (#360) (huge thanks to @MathiasCiarlo)


Thanks to @3vilArthas, @af12066, @ansidev, @aretw0, @chettapong, @drewjbartlett, @f213, @farnabaz, @jahangirahmad, @LeCoupa, @NinthAutumn, @PJLindsay, @potato4d, @rodgarcia, @sgarner, @shadowlion, @sobolevn, @timmyg, @tomsaleeba for contributing to the docs ❤️

v4.5.1 5/21/2018

4.5.1 (2018-05-21)

Bug Fixes

  • module: allow watchLoggedIn (471d59f)

v4.5.0 5/21/2018

4.5.0 (2018-05-21)

Bug Fixes

  • auth: start watching loggedIn state after current strategy is fully mounted (#80) (2497cc0)
  • docs: add comma following _scheme value (#189) (d993e01)


  • add watchLoggedIn option to optionally disable it (#80) (16a7904)

v4.4.0 5/18/2018

4.4.0 (2018-05-18)

Bug Fixes



v4.2.1 4/28/2018

4.2.1 (2018-04-27)

Bug Fixes

  • storage cookie get on client side (#153) (8275e60)
  • watch loggedIn: disable redirect on direct page loads (#158) (0386eb9)

v4.3.0 4/28/2018

4.3.0 (2018-04-28)

Bug Fixes


v4.2.0 4/20/2018

4.2.0 (2018-04-20)

Bug Fixes

  • add check for req object on getCookie (#132) (7d17f75)
  • don't redirect callback to login when using 'auth' globally (#131) (08d86cb)
  • docs: update redirect in (#146) (19de22b)
  • fullPathRedirect with query support (#149) (a37d599)
  • logout locally before logging in. fixes #136. (#151) (b6cfad4)


  • oauth2: support authorization code grant and refresh token (#145) (18ecca5)
  • add support for custom token key in request header (#152) (f7576e3)

v4.1.0 4/9/2018

4.1.0 (2018-04-09)


  • scheme/oauth2: add option to use IdToken instead of AccessToken (#121) (554a042)
  • add support for logging out without an API endpoint (#124) (6189c6d)

v4.0.1 4/3/2018

Bug Fixes

  • local-scheme-token: avoid token type duplication on Axios requests (3908563)
  • local-scheme-token: removed token type from axios setToken (c64e7f1), closes #113
  • scheme-resolution: fix problem with backslashes in path to schemes on Windows (77161b8)
  • no token exception when tokenRequired is set to false (#118) (56265a7)

4.0.0 is stable! 4/2/2018

Thanks for your patience and feedback that made this possible. 💖

We are going back to the standard release cycles.

Please see New Docs, Examples and Migration Guide to get started.

Bug Fixes

  • clear axios token after logout (#84) (be65f09)
  • Typo in (1ec0882)
  • use getToken (bec8518)
  • wrong axios ordering in windows platform. (#56) (44db0d4)
  • auth: return promise reject on request error (f2883c6)
  • fetchUser: fetchUser should only be called when enabled (dd0638e)
  • fetchUser: fetchUser should only be called when enabled (#60) (beb3121)
  • module: remove duplicate strategy options (2e167f8)


  • add auth0-js scheme (c38a1e4)
  • package: add client-oauth2 (e0efa60)
  • redirect: add full path redirect option (#96) (ca8785f)
  • allow extending auth with plugins (#98) (3712a60)
  • allow providers params to be overloaded from nuxt.config.js (#77) (8542959)
  • handle invalid strategy (f079ae2)
  • loginWith function (2aed448)
  • test: add custom _provider and _scheme for basic fixture (7423e77)
  • use consola for cli messages (1db2b2e)
  • user and loggedIn shortcuts (13a5eec)

Performance Improvements

  • module: optimize plugin (b7998c6)

v4.0.0-rc.3 2/4/2018


  • plugin and init logic refactored. Any unhandled error is now caught, which helps prevent the auth module from crashing the application. (b58ca17)
  • resetOnError is set to false by default. Previously, any network error caused the user to be logged out! We are working on better oauth token reset methods.
  • fix scope checks during logout (e2ebd97)

v4.0.0-rc.2 2/3/2018

Bug Fixes

  • Auth: register vuex store before all watchers (006650f)

v4.0.0-rc.1 2/3/2018

4.0.0-rc.1 (2018-02-03)

Bug Fixes


  • watchState and watchLoggedIn (b628455), closes #52

v4.0.0-rc.0 2/2/2018

This is an almost complete rewrite of the Auth module to improve performance and stability and to make it more customizable.


  • auth and no-auth middleware unified to a smarter auth middleware.
  • isLoggedIn is automatically watched for changes, and the route changes on login/logout.
  • Replaced the auth store in favor of a new Auth class.
  • $auth instance is shared across Nuxt context (plugins, middleware, pages, etc).
  • Options simplified
  • For security reasons, the token is no longer exposed in the server response (as a Set-Cookie header or in window.nuxt.state).
  • Error handling is now unified and is pluggable using $auth.onError.
  • No more duplicate requests to user endpoint.
  • Token/User extraction is easily possible using entrypoint.propertyName. It supports nested values like token.AccessToken or even more complicated ones including arrays like devices.0.token.
  • A new hasScope utility to easily check permissions.
  • Docs updated
  • A fully working JWT example is added. Source Code. Deployed version.

Please be sure to read both the Docs and the Migration guide.


  • @breakingrobot - New collaborator - He helped with many ideas in this release
  • @heww for early testing