Optional `getSessionHeaders` parameter to `getSession` function of `useAuth` composable

[root5427]

Describe the feature

Feature

It would be great if there will be an optional parameter getSessionHeaders (and maybe getSessionParams) in getSession funciton of useAuth composable for local provider.

Why?

In some cases a developer needs to pass a parameter (or multiple) to the custom authentication backend to get authenticated session data.

It is done properly in signIn function of useAuth composable in local provider:

nuxt-auth/src/runtime/composables/local/useAuth.ts

Lines 18 to 78 in 52d4b9a

	const signIn: SignInFunc<Credentials, any> = async (credentials, signInOptions, signInParams, signInHeaders) => {
	const nuxt = useNuxtApp()
	const runtimeConfig = useRuntimeConfig()
	const config = useTypedBackendConfig(runtimeConfig, 'local')
	const { path, method } = config.endpoints.signIn
	const response = await _fetch<Record<string, any>>(nuxt, path, {
	method,
	body: credentials,
	params: signInParams ?? {},
	headers: signInHeaders ?? {}
	})
	const { rawToken, rawRefreshToken } = useAuthState()
	// Extract the access token
	const extractedToken = jsonPointerGet(response, config.token.signInResponseTokenPointer)
	if (typeof extractedToken !== 'string') {
	console.error(
	`Auth: string token expected, received instead: ${JSON.stringify(extractedToken)}. `
	+ `Tried to find token at ${config.token.signInResponseTokenPointer} in ${JSON.stringify(response)}`
	)
	return
	}
	rawToken.value = extractedToken
	// Extract the refresh token if enabled
	if (config.refresh.isEnabled) {
	const refreshTokenPointer = config.refresh.token.signInResponseRefreshTokenPointer
	const extractedRefreshToken = jsonPointerGet(response, refreshTokenPointer)
	if (typeof extractedRefreshToken !== 'string') {
	console.error(
	`Auth: string token expected, received instead: ${JSON.stringify(extractedRefreshToken)}. `
	+ `Tried to find refresh token at ${refreshTokenPointer} in ${JSON.stringify(response)}`
	)
	return
	}
	rawRefreshToken.value = extractedRefreshToken
	}
	const { redirect = true, external, callGetSession = true } = signInOptions ?? {}
	if (callGetSession) {
	await nextTick(getSession)
	}
	let { callbackUrl } = signInOptions ?? {}
	if (typeof callbackUrl === 'undefined') {
	const redirectQueryParam = useRoute()?.query?.redirect
	if (redirectQueryParam) {
	callbackUrl = redirectQueryParam.toString()
	}
	else {
	callbackUrl = await determineCallbackUrl(runtimeConfig.public.auth, () => getRequestURLWN(nuxt))
	}
	}
	if (redirect) {
	return navigateTo(callbackUrl, { external })
	}
	}

Example case when it is needed

I am currently using supabase as an auth backend, and for all the API requests it is required to pass apikey header.

How would you implement this?

No response

Additional information

• Would you be willing to help implement this feature?

Provider

• AuthJS
• Local
• Refresh
• New Provider

[root5427]

Workaround (for query parameters)

One way to achieve desired behavior is to inject corresponding query parameters into endpoint path:

export default defineNuxtConfig({
    // ... existing config
    auth: {
        provider: {
            type: 'local',
            endpoints: {
                signIn: {
                    path: `/api/v1/auth/sign-in?apikey=${import.meta.env.AUTH_SERVER_KEY}`,
                    method: 'post'
                }
            }
        }
    }
})

Still an issue

But still the question remains open and maybe there should be an option to configure this behavior through module options in nuxt.config.ts. Because of the need to send those query parameters (or/and headers) on all requests that are made under the hood by @sidebase/nuxt-auth.

[phoenix-ru]

Hi @root5427 , thank you for a good feature request

There is a WIP RFC to which I added your usecase: #964. This RFC will be prioritized after 0.10 is stabilized. You will be able to configure anything inside the requests going out of the local provider