User gets logged out when the user endpoint encounters any kind of error (Not just 401)

[sadeghi-aa]

Environment

• Operating System: Darwin
• Node Version: v20.18.1
• Nuxt Version: 3.15.4
• CLI Version: 3.21.1
• Nitro Version: 2.10.4
• Package Manager: yarn@1.22.22
• Builder: -
• User Config: compatibilityDate, devtools, css, app, modules, postcss, vite, runtimeConfig, auth
• Runtime Modules: @pinia/nuxt@0.9.0, @nuxt/eslint@1.0.0-rc.1, @sidebase/nuxt-auth@0.10.0
• Build Modules: -

Reproduction

Mock the response of the user endpoint so that it doesn't get a 200 response; anything other than a 401 error would be fine.

Describe the bug

When the API call for the user endpoint gets an error, the user gets logged out. This is an unwanted behavior for our use case. We only want to log out the user when an API call gets a 401 error. Other cases could be temporary network or server issues and logging out the user is an extreme reaction because the issue is very likely to be resolved with a refresh (assuming the JWT token is still valid).

Additional context

@nuxtjs/auth-next module had a config called resetOnError which could be set to false and we could override the error behavior by setting $auth.onError handler. I couldn't find a similar config in this module.

Logs

This is an example error log of the scenario I described.
Our website could only be accessed via a VPN and if you open the website without that VPN, you get logged out.
This would be annoying for the users.

ERROR  Session: unable to extract session, [GET] "https://some.domain.com/api/user/": 403 Forbidden

[sadeghi-aa]

@phoenix-ru

I'd be happy to help you develop this feature. If that's OK with you, what solution do you think is better to be implemented?

These are some of the possible options we could choose from:

1. Only log out the user if the request has actually received a 401 status.
2. Give the developer an option to disable the default behavior and provide a callback function for the catch block of getSession
3. What else?

Also, meanwhile, is there any workaround I could use to use this module with my expected behavior?

[phoenix-ru]

Hi @sadeghi-aa , this will be covered as a part of #964 , you will have a hook for handling the errors in any of the NuxtAuth functions (including getSession).
At the moment I can't really suggest you anything. Have you solved it in the meantime?

[sadeghi-aa]

Hello @phoenix-ru

Yeah, that would work for me too. Right now I've patched these sections:

nuxt-auth/src/runtime/utils/fetch.ts

Line 6 in fba0eea

export async function _fetch<T>(nuxt: ReturnType<typeof useNuxtApp>, path: string, fetchOptions?: Parameters<typeof $fetch>[1]): Promise<T> {

I added a throwRawError = false parameter to the _fetch function. Then:

nuxt-auth/src/runtime/utils/fetch.ts

Lines 24 to 40 in fba0eea

	try {
	return $fetch(joinedPath, fetchOptions)
	}
	catch (error) {
	let errorMessage = `${ERROR_PREFIX} Error while requesting ${joinedPath}.`
	if (runtimeConfig.public.auth.provider.type === 'authjs') {
	errorMessage += ' Have you added the authentication handler server-endpoint `[...].ts`? Have you added the authentication handler in a non-default location (default is `~/server/api/auth/[...].ts`) and not updated the module-setting `auth.basePath`?'
	}
	errorMessage += ' Error is:'
	console.error(errorMessage)
	console.error(error)
	throw new FetchConfigurationError(
	'Runtime error, check the console logs to debug, open an issue at https://github.com/sidebase/nuxt-auth/issues/new/choose if you continue to have this problem'
	)
	}
	}

At the beginning of the catch block, I check if throwRawError is set to true. If yes, I throw the error and "override" the current behavior of it. This was necessary for me to check the status code of the error in getSession. And finally in getSession:

nuxt-auth/src/runtime/composables/local/useAuth.ts

Line 141 in fba0eea

const result = await _fetch<any>(nuxt, path, { method, headers })

I call the _fetch function with true for my new throwRawError parameter. And finally:

nuxt-auth/src/runtime/composables/local/useAuth.ts

Lines 151 to 152 in fba0eea

	data.value = null
	rawToken.value = null

I only run these lines if err?.status is 401 which of course is very specific for my own use case.

[JonathanChan1234]

May I know if the throwRawError options is available in the latest version or we need to make the change ourselves?

[phoenix-ru]

It's not yet available at the moment

[phoenix-ru]

The error behaviour will be customizable in the new experimental hooks provider after #1062 gets merged