Authentication Plugin for Vue 3

• Auth
  • Demo
  • Dependencies
  • Installation
  • Usage
    • Use as Vue Plugin
    • Use with Composition API
      • login(payload: Object): Promise<AxiosResponse>
      • fetchUser(): Promise<AxiosResponse>
      • setToken(tokenData: string): void
      • setUser(userData: Object): void
      • logout(): boolean
      • forceLogout(): boolean
      • user: Object
      • loggedIn: boolean
    • Manually Creating The Auth Function
  • Default Options
  • Options
    • endpoints
    • token
    • user
    • moduleName
    • expiredStorage
    • redirect
    • registerAxiosInterceptors
    • storage
  • Implementing Refresh Token
    • Refresh Token Options
      • enabled
      • property
      • maxAge
      • storageName
      • name
      • autoLogout
  • License

• Checkout online demo here
• View example project here

• axios: Used as the default http client.
• Vuex: Used to store auth state.
• Vou Router: Used to redirect between pages.
• TypeScript: Written in TypeScript, optimize for Vue + TypeScript. But, also ship ESM and Common JS version on dist.

Install the package just like regular npm package.

npm i @gravitano/vue-auth
# OR
yarn add @gravitano/vue-auth

Install the plugin to your Vue app.

// main.js
import {createApp} from 'vue';
import Auth from '@gravitano/vue-auth'; // 👈 import the plugin
import store from '~/store'
import router from '~/router'
import axios from 'axios'

const app = createApp(App);

app.use(Auth); // 👈 use the plugin

// or with custom options
// 👇
app.use(Auth, {
  options, // auth options
  store, // vuex store instance
  axios, // axios instance
  router // vue router instance
}); // 👈 use the plugin

app.mount('#app');

After that, you can access the plugin via $auth global property.

<template>
  <div v-if="$auth.loggedIn">Logged In as : {{ $auth.user.name }}</div>
</template>

If you are using composition API, you can also access the auth object by using inject method.

import {injectAuth} from '@gravitano/vue-auth'

// user is Ref
const {user} = injectAuth()

// access the user
console.log(user)

To use the auth in composition API, just import and use the useAuth function.

import {useAuth} from '@gravitano/vue-auth';

const auth = useAuth();

// OR with object destruction
const {user} = useAuth();

Login the user and save token to the auth storage.

auth.login({
  email: '[email protected]',
  password: 'admin',
});

Fetch user data from API.

const user = await auth.fetchUser();
console.log(user);

Manually Set User Token.

auth.setToken(token);

Manually set the user data.

const userData = {
  id: 1,
  name: 'Admin',
};

auth.setUser(userData);

Logout the current user.

auth.logout();

Force logout the current user.

auth.forceLogout();

Get the current user data.

console.log(auth.user);

Get the current logged in state.

console.log(auth.loggedIn);

First, create auth.ts file under your src/plugins folder.

import {authOptions} from '~/config';
import store, {AppRootState} from '~/store';
import {createAuth} from '@gravitano/vue-auth';
import axios from 'axios';
import router from '~/router';

export const useAuth = () => createAuth<AppRootState>(authOptions, axios, store, router);

Then, in your component, just import and use it as regular composition function. For example:

<script setup lang="ts">
import {useAuth} from '~/plugins/auth'

// destruct user object from `useAuth` function
const {user} = useAuth();

console.log(user); // <-- user data
</script>

This is the default options object:

import { AuthOptions } from '@gravitano/vue-auth'

export const defaultOptions: AuthOptions = {
  endpoints: {
    login: {
      url: '/auth/login',
      method: 'post',
    },
    logout: {
      url: '/auth/logout',
      method: 'delete',
    },
    user: {
      url: '/auth/me',
      method: 'get',
    },
  },
  token: {
    property: 'data.token',
    type: 'Bearer',
    storageName: 'auth.token',
    autoDecode: false,
    name: 'Authorization',
  },
  user: {
    autoFetch: true,
    property: 'data',
    storageName: 'auth.user',
  },
  moduleName: 'auth',
  expiredStorage: 'auth.expired',
  redirect: {
    home: '/',
    login: '/auth/login',
  },
  registerAxiosInterceptors: true,
  storage: {
    driver: 'secureLs', // supported: cookie, local, secureLs (secure local storage)
  },
};

• login

  • url: Login path. E.g. /user/login
  • method: HTTP Method. E.g. GET, POST, etc.

• logout

  • url: Logout path. E.g. /user/logout
  • method: HTTP Method. E.g. GET, POST, etc.

• user

  • url: Endpoint for getting user data. E.g. /my/profile
  • method: HTTP Method. E.g. GET, POST, etc.

• property

  Token property path using dot notation.
  • Type: string
  • Default: data.token

• type

  Token type.
  • Type: string
  • Default: Bearer

• storageName

  Token storage name.
  • Type: string
  • Default: auth.token

• autoDecode

  Auto decodes token when possible. Usually used when using JWT Token.
  • Type: boolean
  • Default: true

• name

  Token header name.
  • Type: string
  • Default:Authorization

• autoFetch

  Fetch user data automatically when user successfully logged in.
  • Type: boolean
  • Default: true

• property

  Property path of user data.
  • Type: string
  • Default: data

• storageName

  Storage name for storing user data.
  • Type: string
  • Default: auth.user

Vuex's module name.

• Default: auth
• Type: string

Storage name for storing token expiratin time.

• Type: string
• Default: auth.expired

• home

  Homepage path.
  • Type: string
  • Default: /

• login

  Login path.
  • Type: string
  • Default: /

Register custom axios interceptors when true. Set the value to false if you want to use your own interceptors.

• Type: boolean
• Default: true

• driver

  • Type: string
  • Default: secureLs
  • Available Options: local | secureLs | cookie

To implement refresh token, update your auth options like so:

import { AuthOptions } from '@gravitano/vue-auth'

export const defaultOptions: AuthOptions = {
  endpoints: {
    login: {
      url: '/auth/login',
      method: 'post',
    },
    logout: {
      url: '/auth/logout',
      method: 'delete',
    },
    user: {
      url: '/auth/me',
      method: 'get',
    },
+    refresh: {
+      url: '/auth/refresh_token',
+      method: 'get',
+    },
  },
  token: {
    property: 'data.token',
    type: 'Bearer',
    storageName: 'auth.token',
    autoDecode: false,
    name: 'Authorization',
  },
  user: {
    autoFetch: true,
    property: 'data',
    storageName: 'auth.user',
  },
  moduleName: 'auth',
  expiredStorage: 'auth.expired',
  redirect: {
    home: '/',
    login: '/auth/login',
  },
  registerAxiosInterceptors: true,
  storage: {
    driver: 'secureLs', // supported: cookie, local, secureLs (secure local storage)
  },
+  refreshToken: {
+    enabled: true, // <-- make sure the value is set to true
+    property: 'data',
+    maxAge: 60 * 60 * 24 * 30, // default 30 days
+    storageName: 'auth.refresh_token',
+    name: 'refresh_token',
+    autoLogout: true,
+  },
};

Indicates the refresh token is enabled or not.

• Type: string
• Default: false

Path of refresh token property from the response.

• Type: string
• Default: data.refresh_token

Maximum age of new token.

• Type: number
• Default: 60 * 60 * 24 * 30 (30 Days)

Storage name for storing refresh token data.

• Type: string
• Default: auth.refresh_token

Payload name to sent when refreshing token.

• Type: string
• Default: refresh_token

When true, user will forced to logout and login again when refresh token failed.

• Type: boolean
• Default: true

MIT