OAuth login
Besides the local email/password login strategy, the module supports login with OAuth2 providers such as Google, and Github.
Important
Please note that email
and name
information are required for registration, otherwise not accessible error message will be returned.
Options
The module can accept multiple OAuth2 providers via oauth
config option:
ts
export default defineNuxtConfig({
// ...
auth: {
oauth: {
"<provider>": {
clientId: "",
clientSecret: "",
scopes: "",
authorizeUrl: "",
tokenUrl: "",
userUrl: "",
customParams: {},
},
},
},
// ...
});
To login with an OAuth2 provider the module implements this flow:
- Via
authorizeUrl
: it requests an authorization code from the provider withscope
to get user info andstate
to maintain the redirection path of the previously visited protected page. The provider handles user authentication and consent. - Via
tokenUrl
: it requests an access token from the OAuth2 authorization server with the authorizationcode
returned earlier. - Via
userUrl
: it requests user info with the access token returned earlier. Thescope
should permit getting the username
andemail
fields. - The module checks if the user exists (stored in the database), if not it registers him.
- The module issues an access token and a refresh token for this new session. Note the tokens issued by the OAuth provider are omitted, they are only needed to get user info.
The redirect URI to be set on oauth
configuration should be the following:
bash
{baseUrl}/api/auth/login/{provider}/callback