Documentation Index
Fetch the complete documentation index at: https://mintlify.com/nuxt-alt/auth/llms.txt
Use this file to discover all available pages before exploring further.
@nuxt-alt/auth separates the concern of reactive state (what your components read) from persistent storage (what survives a page reload or a server round-trip). The Storage class manages both layers simultaneously: reactive state is held in either Nuxt’s useState or a Pinia store, while tokens and other auth values are persisted across sessions through cookies, localStorage, or sessionStorage. Multiple backends can be active at the same time, and the module keeps them in sync automatically.
How the Storage Class Resolves Values
WhengetUniversal(key) is called, the Storage class walks through the enabled backends in a fixed priority order and returns the first non-empty value it finds:
- Cookie — checked first on the client because it is the most authoritative persistent source
- localStorage — checked next if enabled
- sessionStorage — checked next if enabled
- State (useState / Pinia) — checked last as the in-memory fallback
localStorage, sessionStorage) are skipped entirely on the server.
setUniversal, getUniversal, syncUniversal, and removeUniversal are available on $auth.$storage and operate across all enabled stores simultaneously. Use them when you need to read or write a value in a backend-agnostic way.Cookie Storage (default, SSR-safe)
Cookies are enabled by default and are the recommended primary persistence backend. Because cookies are included in every HTTP request, tokens stored as cookies are accessible on the server during SSR — making this the only backend that works seamlessly in a universal (SSR + client) Nuxt application.options object is passed directly to cookie-es when serializing each cookie. Any CookieSerializeOptions field is accepted:
| Option | Type | Description |
|---|---|---|
path | string | Cookie path scope. Defaults to '/'. |
sameSite | 'lax' | 'strict' | 'none' | Cross-site cookie policy. Defaults to 'lax'. |
maxAge | number | Lifetime in seconds. Defaults to 31536000 (1 year). |
domain | string | Cookie domain scope. |
secure | boolean | Restrict to HTTPS. Automatically set to true in production. |
httpOnly | boolean | Prevent JavaScript access to the cookie. |
If
cookie.enabled is true but the browser reports that cookies are disabled (navigator.cookieEnabled === false), a console warning is emitted and the cookie backend is silently skipped for that request. Cookie access on the server side is always attempted when cookie.enabled is true and a response object is available.Nuxt useState (default reactive state)
By default,@nuxt-alt/auth uses Nuxt’s built-in useState composable to create a reactive, SSR-aware state store. No additional packages are required. This is the default reactive layer — it stores transient values like the user object and loggedIn flag that your components read reactively.
namespace renames the useState key from 'auth' to your chosen value. This is only necessary if 'auth' conflicts with another useState call in your codebase.
Pinia Store (optional)
Pinia is an optional replacement foruseState as the reactive state layer. When enabled, the auth module creates a Pinia store with the given namespace and patches it reactively instead of writing to a useState ref. This is useful if you prefer Pinia’s devtools integration or want to use Pinia actions and getters alongside auth state.
To use the Pinia store, install @pinia/nuxt and add it to your modules list:
The Pinia store is only activated when
stores.pinia.enabled is true and @pinia/nuxt is present. If either condition is not met, the module silently falls back to useState.localStorage
localStorage is a browser-only persistence backend that survives page reloads and browser restarts (until explicitly cleared or the user’s storage quota is reached). It is disabled by default.
sessionStorage
sessionStorage works like localStorage but is scoped to a single browser tab — its contents are cleared when the tab or window is closed. It is disabled by default and is best suited for high-security flows where you want tokens to expire with the session.
Universal Storage API
The$auth.$storage object exposes a set of methods that read from and write to all enabled backends at once, following the priority order described above. These are the primary methods you will use when building custom strategies or extending the module.
| Method | Description |
|---|---|
setUniversal(key, value, include?) | Writes value to all included stores and reactive state. Pass null or undefined to remove the key. |
getUniversal(key) | Returns the first non-empty value found across backends in priority order. |
syncUniversal(key, defaultValue?, include?) | Reads the current value and propagates it to any backends that don’t already have it. Falls back to defaultValue if unset everywhere. |
removeUniversal(key) | Deletes the key from reactive state, cookies, localStorage, and sessionStorage. |
The optional
include parameter on setUniversal and syncUniversal is a { cookie, local, session } flags object that lets you write to only a subset of backends in a single call. For example, { cookie: false } writes to localStorage and sessionStorage but not to cookies.