auth-module: LaravelJWT error with ExpiredAuthSessionError: Both token and refresh token have expired. Your request was aborted.

@nuxtjs/auth-next”: “5.0.0-1608280312.c5867c3” “nuxt”: “^2.14.12”,

  auth: {
    strategies: {
      laravelJWT: {
        provider: 'laravel/jwt',
        url: '/api/auth',
        endpoints: {
          login: { url: '/api/auth/login', method: 'post' },
          refresh: { url: '/api/auth/refresh', method: 'post' },
          user: { url: '/api/auth/user', method: 'get' },
          logout: { url: '/api/auth/logout', method: 'post' },
        },
        token: {
          property: 'token',
          maxAge: 60 * 60,
        },
        refreshToken: {
          property: 'token',
          maxAge: 20160 * 60,
        },
        user: {
          property: 'user',
        },
      },
    },
  },
  axios: {
    proxy: true,
    credentials: true,
  },
  proxy: {
    '/api': {
      target: process.env.API_URL || process.env.APP_URL,
    },
  },
  router: {
    middleware: ['auth'],
  },

  1. When logged in, then do “logout”, and refresh page got:

    ExpiredAuthSessionError: Both token and refresh token have expired. Your request was aborted. at eval (webpack-internal:///./node_modules/@nuxtjs/auth-next/dist/runtime.mjs:798:17)

  2. clean all cookie from chrome, refresh page got same problem

    ExpiredAuthSessionError: Both token and refresh token have expired. Your request was aborted. at eval (webpack-internal:///./node_modules/@nuxtjs/auth-next/dist/runtime.mjs:798:17)

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 6
  • Comments: 32

Most upvoted comments

@pi0 Please check again, this problem is still exists in the latest version.

+12
NishargShah on Jun 21, 2021

Still facing this issue

+8
qiquanlu on Jul 30, 2021

Hi guys! Thank you for report. We’ll take a look at this issue 😃

+7
JoaoPedroAS51 on Dec 18, 2020

I can reproduce this in @nuxtjs/auth-next@5.0.0-1613647907.37b1156 by setting extremely short token expiration dates in the backend (in my case Python rest_framework_simplejwt), e.g. 5s/10s token/refresh token and then doing this:

  • Log in
  • Wait 10s for both tokens to expire
  • Trigger a PATCH request, e.g. by updating something

This results in

ExpiredAuthSessionError: Both token and refresh token have expired. Your request was aborted.

The auth module will correctly log out the user and redirect to the login page, but the error nevertheless lands in the console and triggers Sentry logs etc.

+6
toniengelhardt on Mar 1, 2021

Can somebody reopen it?

+5
jykoaster on Jul 30, 2021

Same bug, downgrade to "@nuxtjs/auth-next": "5.0.0-1607693598.34d83ea" fix my problem

+3
steklopod on Dec 18, 2020

Looks like dev team dont need to check token and token validity for each request because i actually have many requests which is not requires any tokens

 const token = this.scheme.token.get();
      if (!isValid) {
        if (!token && this._requestHasAuthorizationHeader(config)) {
          throw new ExpiredAuthSessionError();
        }
        return config;
      }
+3
ximzavivka on Dec 18, 2020

For those still having this issue, in my specific case the problem was that i had some outdated methods that were handling the access token manually like:

this.$axios.setToken(accessToken, 'Bearer')

and now all of that logic should be handled via Auth module like:

this.$auth.strategy.token.set(accessToken);
this.$auth.strategy.token.sync();

after changing those, the error went away. Hope it helps someone.

+2
serenalucasjose on May 13, 2022

I encountered this problem and it turned out that when I was using jsonwebtoken to generate my token at the back end, for the expiresIn arg I was passing a string instead of a number (I got it from process.env). If you do this, it assumes you are specifying the number of milliseconds before expiry rather than the number of seconds.

+2
goldengecko on Sep 11, 2021

Restarting PC worked for me 😂 I tried it on staging URL and it was working just fine, then another colleague tried running it locally and it worked for him as well. So it must have been my local problem. After restarting my PC everything started to work properly.

+1
davidurco on Aug 27, 2021

I m’ able to reproduce this problem, by opening 2 tabs, and logout in 1 tab (which revoke access & refresh tokens). The other tab throw an ExpiredAuthSessionError when trying to navigate.

Maybe this.$auth.reset(); or this.scheme.reset(); should be added before throwing ExpiredAuthSessionError like is it done when refresh token is not ‘refreshable’.

 initializeRequestInterceptor(refreshEndpoint) {
    this.interceptor = this.axios.interceptors.request.use(async (config) => {
      if (!this._needToken(config) || config.url === refreshEndpoint) {
        return config;
      }
      const {
        valid,
        tokenExpired,
        refreshTokenExpired,
        isRefreshable
      } = this.scheme.check(true);
      let isValid = valid;
      if (refreshTokenExpired) {
        this.scheme.reset();
        throw new ExpiredAuthSessionError();
      }
      if (tokenExpired) {
        if (!isRefreshable) {
          this.scheme.reset();
          throw new ExpiredAuthSessionError();
        }
        isValid = await this.scheme.refreshTokens().then(() => true).catch(() => {
          this.scheme.reset();
          throw new ExpiredAuthSessionError();
        });
      }
      const token = this.scheme.token.get();
      if (!isValid) {
        if (!token && this._requestHasAuthorizationHeader(config)) {
          throw new ExpiredAuthSessionError();    <== Throwing exception here, but  this.scheme.reset() seem missing.
        }
        return config;
      }
      return this._getUpdatedRequestConfig(config, token);
    });
  }
+1
arnaud16571542 on May 25, 2021

@JoaoPedroAS51 your last commit has broke USER request. After successful login it doesn’t send Authorization header and cookies.

+1
steklopod on Dec 21, 2020

@oommgg @dz0tto @ximzavivka @steklopod @SultonbekovSarvarbek

Hey guys! I wasn’t able to reproduce the issue using auth demo code. Can someone try the latest version of v5 and see if persist? Also a repro would be really helpful. You can use this codesandbox template: https://codesandbox.io/s/nuxt-auth-demo-zi53w

Other things that can help is your auth config, the exact version you were using and steps to reproduce the error.

Thank you in advance! 😃

Note: In latest version of v5 the name of laravel providers changed

  • laravel/jwt -> laravelJWT
  • laravel/sanctum -> laravelSanctum
  • laravel/passport -> laravelPassport

Currently having the same issue with local auth. It worked before the latest version and now it always says

ExpiredAuthSessionError: Both token and refresh token have expired. Your request was aborted. at eval (webpack-internal:///./node_modules/@nuxtjs/auth-next/dist/runtime.mjs:798:17)

+1
nathanialhenniges on Dec 20, 2020
Read more comments on GitHub
← auth-module: Javascript heap out of memory
auth-module: Login redirect not working, $auth.state.loggedIn false →