fix(#732): disable server side refresh token plugin when disableServerSideAuth

[xavren]

Hello,

Experienced some issue while using SSR and refreshToken although disableServerSideAuth is true

To reproduce with homepage as SSR and nuxt config with

auth: { isEnabled: true, disableServerSideAuth: true, originEnvKey: "AUTH_ORIGIN", baseURL: "/api/authentication/", provider: { type: "local", endpoints: { signIn: { path: "", method: "post" }, signOut: { path: "logout", method: "post" }, signUp: { path: "register", method: "post" }, getSession: { path: "user", method: "get" }, }, refresh: { token: { signInResponseRefreshTokenPointer: "/refresh_token", refreshRequestTokenPointer: "/refresh_token", }, isEnabled: true, endpoint: { path: "refresh", method: "post" }, refreshOnlyToken: false, }, }, sessionRefresh: { enablePeriodically: 60 * 45 * 1000, enableOnWindowFocus: true, }, }, 

With http call

curl --location 'http://localhost:3000/' \ --header 'Cookie: auth.token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE3NDcxMjY5NjYsImV4cCI6MTc0NzEzMDU2Niwicm9sZXMiOlsiUk9MRV9VU0VSIiwiUk9MRV9DRU5UUkFMIiwiUk9MRV9JTlNUSVRVVElPTkFMIl0sInVzZXJuYW1lIjoiY2VudHJhbF8wQGV4YW1wbGUuY29tIiwib3JnYW5pemF0aW9uIjoyLCJwcm92aWRlciI6ImxvY2FsIn0.jzj9t2NK3lyS-d36mIL6q7nIYN2paw-nhP2cCWF8jeE6Wlr44iXcinRO-T8LgNQcJMTFUJeXKR_NeU4xSNBx5lsEi7B0nRK-kw1w2GjfjxdjbA0k2dLAdTrnpfXrFrBwqacvp_WusIvEBv0800W8682rbfZ7PI9O3i35G8wqbdyuvHq2bcVBl6_4VLpwkwXJdVztOOQtL-qqJ8txnD-Xpr9o5ZBCgkGnPp9x6wWrFcveMX84GB83pXWNm9uu48zWwf7G3KdzD70XUa5v0YviaY1QIw89iKqDxm0c1799VCBOqTUdbwWhQ3B8OWnwDCtkWuOXXL7wWPpPfsVn6_d0hXX6fro9fM31yPfkI4aaYqoZzuX1vkqhyKJVDjHgEkMqp5jojZtgFAUwx_E0HdQSibZOqCX6Bjm8hGcTzBdsISWbXAEYIIddXB89zRFb0u6IDVRLc8Yx9zqyXtVDqCZDVj8bQSrLATLEiVIkGp7Mup5Hhq6Id5EqOogU0mJefwGcq9AUkb4ncWodHZ9eHvixSYB2UTCXHU_iMh67bwaOAfLVCLYEO6xALNvaU4nlh1FjakVF8M7ihIUfzLDMouuuFNEfJi4nGAjei5ESGTHVTjYDznxbQqt2m3Jml0nMhxKDewxNrZQm35KZwQxX8KscEZt9uBj5gqnW2DD0ssMGek4; auth.refresh-token=488ed1270df996d22c6aed4f438c4593bc3aed0095331211bf4ac79bcea6389324d6cd1bbf2d0b7b725a79ca63edec9a13a579a5a94f1e4acdf73f005711f790' 

Remove the cookie with http header

set-cookie	auth.token=; Max-Age=0; Path=/; SameSite=Lax

This fix is working for us and will be happy to read about your recommendations ;)

🔗 Linked issue

#732
#1002

❓ Type of change

• 🐞 Bug fix (a non-breaking change that fixes an issue)

📚 Description

📝 Checklist

• I have linked an issue or discussion.

[xavren]

Thanks to @flibustier for the digging effort

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/@sidebase/nuxt-auth@1021 

commit: 7ed3eb1

[phoenix-ru]

Hi @xavren, thanks for the PR! I think it's a clear enough oversight that when disabling server-side auth, there shouldn't be a server plugin trying to refresh tokens 🙂