Authentication with Nuxt SSR?

[galaczi]

According to Adonisjs Web Guard docs:

You must use the web guard when creating a server rendered application, or for an API having a first-party client running on the same domain/sub-domain.

In my case I have a first-party client for an API. That client is a Nuxt 3 SSR/hybrid app. I am completely lost on how to validate the cookie in a Nuxt middleware. Is there an example somewhere? Or can somebody please give me the big picture?

[Barbapapazes]

Hello,

Here an exempe: https://github.com/insamee-app/mee/blob/master/plugins/getProfile.server.js (and check others parts of this repo).

But the process, in a big picture, is:

• Authenticate your user (using a login page)
• If everything is ok, Adonis will send you a cookie using the HTTP header Set Cookie
• Then, you will be able to do request to your API (Adonis) thanks to HTTP and your browser which set automatically cookies (if same domain)
• When your user will start another session (restart his browser but still login thanks to the cookie), you don't know if the authentication is valide (client-side). The tricks is to do a request to try to get the user associated to the cookie when this application start (which is the code in the first link). This request will be done every time a use start a new session, even if he has no account (but you can't know this client-side).
• If you receive an error, user is logout but if you receive a user, user is login. And because your API protect data, this, on front-end, will only be used to show or to dismiss UI parts !

I hope to anwser. Do not hesitate if you want more info!

[galaczi]

That's really helpful, thank you! I will have to dig in a bit more.