Initialization

The nuxt-saasmvp-oauth module separates client and server initialization for improved security. Server secrets and configuration parameters are stored in the smvp.oauth.json file in your application's ./server directory. Client configuration parameters are supplied as a JSON object to the smvpInitAuth client function.

Client Functions

If you only intend to use the nuxt-saasmvp-oauth module for User Authentication, you will still need to provide the ./server/smvp.oauth.json file to configure the nuxt-saasmvp-oauth Authorization Server.

smvpInitAuth

smvpInitAuth is a client function that initializes the nuxt-saasmvp-oauth module for use by the Nuxt 3 client application. It configures all of the module's client functions from a single JSON object.

Type

ts
smvpInitAuth(options: Options): Promise<boolean>

Parameters

Parameter: options
 
Type: Options
 
Description: Available options used to configure the `nuxt-saasmvp-oauth` module for use by the Nuxt 3 client application.
ts
interface Options {
  logFlag?: boolean;      // optional
  redirectRoute?: string; // optional
}

Parameter: logFlag
 
Type: Boolean, optional
 
Description: Displays `nuxt-saasmvp-oauth` transaction and error messages in the server console. Default FALSE.

Parameter: redirectRoute
 
Type: String, optional
 
Description: The route that will be navigated to if a User attempts to navigate to a protected page without an active login. Default is home ('/').

Examples

NOTE: The smvpInitAuth client function should be called in an onMounted lifecycle event when your website initially loads. The server function smvpServerInit is run when the nuxt-saasmvp-oauth module loads.

ts
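<script setup>
// Initialize the client side of nuxt-saasmvp-oauth once the page has mounted.
onMounted(async () => {
  const options = {
    logFlag: true,
    redirectRoute: '/testlogin',
  }
  // smvpInitAuth returns Promise<boolean>, so await it inside the async callback.
  await smvpInitAuth(options)
})
</script>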

Server Functions

The most important step in configuring the nuxt-saasmvp-oauth module's Authorization Server is to make sure you provide a smvp.oauth.json file in your application's ./server directory. The smvp.oauth.json file is read by the smvpServerInit.ts Authorization Server function when the nuxt-saasmvp-oauth module starts. The smvp.oauth.json file configures the nuxt-saasmvp-oauth module for both User and REST API Authentication.

smvp.oauth.json

Example

json
{
  "oauth": {
    "jwtKey": "FF92528C6D4C441CF853CF99E55E4129",
    "jwtKeyExpires": "7200",
    "boundryTime": 125,
    "logFlag": true
  },
  "protected": ["/api/v1/apitest", "/api/v1/apitest/*", "/api/v1/dummy", "/api/v1/dynamic/*", "/api/v1/nested/*", "/api/v1/query/*"]
}

Parameters

Parameter: options
 
Type: Options
 
Description: Available options used to configure the `nuxt-saasmvp-oauth` module's Authorization Server for use by the Nuxt 3 application.
ts
interface Options {
  oauth: {
    jwtKey: string          // required
    jwtKeyExpires?: string  // optional
    boundryTime?: number    // optional
    logFlag?: boolean       // optional
  }
  protected: string[]       // required
}

Parameter: jwtKey
 
Type: JWTKey, required
 
Description: The JWTKey is a String of exactly 256 bits (32 bytes) and represents the symmetric key stored in the OAuth Authentication Server used to generate and verify the JWT Access Token.

Parameter: jwtKeyExpires
 
Type: String, optional
 
Description: The number of seconds before an issued JWT Access Token expires. Default is 3600 seconds (1 hour).

Parameter: boundryTime
 
Type: Number, optional
 
Description: The number of milliseconds after which a request for a JWT Access Token cannot be honored by the Authorization Server. This is used to prevent replay attacks. Default is 100 milliseconds.

Parameter: logFlag
 
Type: Boolean, optional
 
Description: Displays `nuxt-saasmvp-oauth` transaction and error messages in the server console. Default FALSE.

Parameter: protected
 
Type: object | string[], required
 
Description: The `protected` string array contains the developer-defined REST API routes that must be authenticated before REST API Endpoint access is allowed. You can leave the array empty (i.e. [ ]) if you are not using REST API authentication or do not want to protect any REST API Endpoints. The following is an example of a `protected` string array:
json
"protected": ["/api/v1/apitest", "/api/v1/apitest/*", "/api/v1/dummy", "/api/v1/dynamic/*", "/api/v1/nested/*", "/api/v1/query/*"]
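
The parameter rules above can be checked before deployment. The following is an added example, not code from the nuxt-saasmvp-oauth module: `validateSmvpOauthConfig` is a hypothetical helper that lints the text of smvp.oauth.json against the documented types, rejects the sample `jwtKey` printed on this page, and flags option names that are not in the documented `oauth` object (such as the dictionary spelling `boundaryTime`). It assumes every protected route starts with "/", as all the documented examples do.

```javascript
// Added example, not part of nuxt-saasmvp-oauth. validateSmvpOauthConfig is a
// hypothetical helper that lints the text of ./server/smvp.oauth.json.
const DOCUMENTED_SAMPLE_KEY = 'FF92528C6D4C441CF853CF99E55E4129'; // public, never deploy it
const OAUTH_KEYS = ['jwtKey', 'jwtKeyExpires', 'boundryTime', 'logFlag'];

function validateSmvpOauthConfig(jsonText) {
  let cfg;
  try { cfg = JSON.parse(jsonText); } catch (err) { return ['file is not valid JSON']; }
  if (cfg === null || typeof cfg !== 'object') return ['top level must be an object'];
  const errors = [];
  const oauth = cfg.oauth;
  if (oauth === null || typeof oauth !== 'object') {
    errors.push('oauth: required object is missing');
  } else {
    const { jwtKey, jwtKeyExpires, boundryTime, logFlag } = oauth;
    if (typeof jwtKey !== 'string') {
      errors.push('oauth.jwtKey: required string is missing');
    } else {
      // Documented size is exactly 32 bytes; count encoded bytes, not characters.
      const size = new TextEncoder().encode(jwtKey).length;
      if (size !== 32) errors.push(`oauth.jwtKey: ${size} bytes, expected 32`);
      if (jwtKey === DOCUMENTED_SAMPLE_KEY) errors.push('oauth.jwtKey: published sample key');
    }
    // Optional string holding a whole number of seconds.
    if (jwtKeyExpires !== undefined && (typeof jwtKeyExpires !== 'string' || !/^[1-9]\d*$/.test(jwtKeyExpires))) {
      errors.push('oauth.jwtKeyExpires: expected a string of digits (seconds)');
    }
    // Optional number of milliseconds.
    if (boundryTime !== undefined && !(Number.isFinite(boundryTime) && boundryTime > 0)) {
      errors.push('oauth.boundryTime: expected a positive number (milliseconds)');
    }
    if (logFlag !== undefined && typeof logFlag !== 'boolean') errors.push('oauth.logFlag: expected a boolean');
    // The documented option is spelled "boundryTime"; report any name outside the documented set.
    for (const name of Object.keys(oauth)) {
      if (!OAUTH_KEYS.includes(name)) errors.push(`oauth.${name}: not a documented option`);
    }
  }
  // Required, may be empty. Assumption: routes start with "/" as in the documented examples.
  if (!Array.isArray(cfg.protected)) {
    errors.push('protected: required array is missing');
  } else {
    cfg.protected.forEach((route, i) => {
      if (typeof route !== 'string' || !route.startsWith('/')) errors.push(`protected[${i}]: expected a route starting with "/"`);
    });
  }
  return errors;
}

// Constructed sample input: 16-byte key, "boundaryTime" spelling, route without a leading "/".
const constructedSample = JSON.stringify({ oauth: { jwtKey: 'A'.repeat(16), boundaryTime: 125 }, protected: ['api/v1/dummy'] });
console.log(validateSmvpOauthConfig(constructedSample));
```

An empty result means the file matches the documented shape; the helper never echoes the key itself, so its output is safe to keep in build logs.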

Defining Protected REST API Routes

More information on protecting REST API Endpoints can be found in the REST API Authentication topic, Defining Protected REST API Routes.

Released under the MIT License