NuxtJS state changes and firebase authentication

Question

I am still a nuxt beginner, so please excuse any faults.

I am using the "official" firebase module for nuxt https://firebase.nuxtjs.org/ to access firebase services such as auth signIn and singOut.

This works.

However, I am using nuxt in universal mode and I cannot access this inside my page fetch function. So my solution is to save this info in the vuex store and update it as it changes.

So, once a user is logged in or the firebase auth state changes, a state change needs to happen in the vuex store.

Currently, when a user logs in or the firebase auth state changes, if the user is still logged in, I save the state to my store like so :

const actions = {
  async onAuthStateChangedAction(state, { authUser, claims }) {
    if (!authUser) {
      // claims = null
      // TODO: perform logout operations
    } else {
      // Do something with the authUser and the claims object...
      const { uid, email } = authUser
      const token = await authUser.getIdToken()

      commit('SET_USER', { uid, email, token })
    }
  }
}

I also have a mutation where the state is set, a getter to get the state and the actual state object as well to store the initial state:

const mutations = {
  SET_USER(state, user) {
    state.user = user
  }
}

const state = () => ({
  user: null
})

const getters = {
  getUser(state) {
    return state.user
  }
}

My problem is, on many of my pages, I use the fetch method to fetch data from an API and then I store this data in my vuex store.

This fetch method uses axios to make the api call, like so:

async fetch({ store }) {
  const token = store.getters['getUser'] //This is null for a few seconds
  const tempData = await axios
       .post(
         my_api_url,
         {
           my_post_body
         },
         {
           headers: {
             'Content-Type': 'application/json',
             Authorization: token
           }
         }
       )
    .then((res) => {
      return res.data
    })
    .catch((err) => {
    return {
    error: err
    }
    console.log('error', err)
    })
    store.commit('my_model/setData', tempData)
 }

Axios needs my firebase user id token as part of the headers sent to the API for authorization.

When the fetch method runs, the state has not always changed or updated yet, and thus the state of the user is still null until the state has changed, which is usually about a second later, which is a problem for me since I need that token from the store to make my api call.

How can I wait for the store.user state to finish updating / not be null, before making my axios api call inside my fetch method ?

I have considered using cookies to store this information when a user logs in. Then, when inside the fetch method, I can use a cookie to get the token instead of having to wait for the state to change. The problem I have with this approach is that the cookie also needs to wait for a state change before it updates it's token, which means it will use an old token upon the initial page load. I might still opt for this solution, it just feels like it's the wrong way to approach this. Is there any better way to handle this type of conundrum ?

Also, when inside fetch, the first load will be made from the server, so I can grab the token from the cookie, however the next load will be from the client, so how do I retrieve the token then if the store value will still be null while loading ?

EDIT:

I have opted for SPA mode. After thinking long and hard about it, I don't really need the nuxt server and SPA mode has "server-like" behaviour, where you could still use asyncdata and fetch to fetch data before pages render, middleware still works similar and authentication actually works where you dont have to keep the client and server in sync with access tokens etc. I would still like to see a better solution for this in the future, but for now SPA mode works fine.

Answer 1

I came across this question looking for a solution to a similar problem. I had a similar solution in mind as mentioned in the other answer before coming to this question, what I was looking for was the implementation details.

I use nuxt.js, the first approach that came to my mind was make a layout component and render the <Nuxt/> directive only when the user is authenticated, but with that approach, I can have only one layout file, and if I do have more than one layout file I will have to implement the same pre-auth mechanism across every layout, although this is do-able as now I am not implementing it in every page but implementing in every layout which should be considerably less.

I found an even better solution, which was to use middlewares in nuxt, you can return a promise or use async-await with the middleware to stop the application mounting process until that promise is resolved. Here is the sample code:

// middleware/auth.js
export default async function ({ store, redirect, $axios, app }) {
  if (!store.state.auth) { // if use is not authenticated
    if (!localStorage.getItem("token")) // if token is not set then just redirect the user to login page
      return redirect(app.localePath('/login'))
    try {
      const token = localStorage.getItem("token");
      const res = await $axios.$get("/auth/validate", { // you can use your firebase auth mechanism code here
        headers: {
          'Authorization': `Bearer ${token}`
        }
      });
      store.commit('login', { token, user: res.user }); // now just dispatch a login action to vuex store
    }
    catch (err) {
      store.commit('logout'); // preauth failed, so dispatch logout action which will clear localStorage and our Store
      return redirect(app.localePath('/login'))
    }
  }
}

Now you can use this middleware in your page/layout component, like so:

<template>
  ...
</template>
<script>
export default {
  middleware: "auth",
  ...
}
</script>

Answer 2

One way of fixing this is to do the firebase login before mounting the app.

Get the token from firebase, save it in vuex and only after that mount the app. This will ensure that by the time the pages load you have the firebase token saved in the store.

Add checks on the routes for the pages that you don't want to be accessible without login to look in the store for the token (firebase one or another) and redirect to another route if none is present.