Documentation Index
Fetch the complete documentation index at: https://mintlify.com/nuxt-alt/auth/llms.txt
Use this file to discover all available pages before exploring further.
useAuth() is auto-imported by the module and returns the $auth instance that is injected into every Nuxt app. It gives you access to the full authentication API — reactive state, login and logout methods, token management, strategy switching, and event listeners — from any component, composable, or plugin without any manual imports.
useAuth() is a convenience wrapper around useNuxtApp().$auth. Both expressions return the same Auth instance, so you can use whichever style fits your codebase.Reactive State
TheAuth instance exposes several reactive properties that update automatically as authentication state changes. You can use them directly in templates or watch them with watchEffect.
Authentication Methods
login()
Calls the active strategy’slogin() method directly. Use this when you have already set the strategy and just want to pass credentials.
loginWith()
Switches to a named strategy and immediately callslogin(). This is the most common entry point for user authentication.
logout()
Calls the active strategy’slogout() method. If the strategy does not define a logout endpoint, auth.reset() is called automatically.
fetchUser()
Re-fetches the current user from the strategy’s user endpoint and updatesauth.user. Useful after updating profile data server-side.
fetchUserOnce()
Fetches the current user only ifauth.user is not already set. This is used internally during strategy initialization to avoid redundant network requests. You can call it directly if you want a lazy fetch that respects any previously loaded user data.
setUser()
Manually sets or clears the user object in the auth state. Whenfalse is passed, the user is cleared and loggedIn is set to false.
setUserToken()
Sets the access token (and optionally a refresh token) on the current token strategy and triggers a user fetch. This is useful after receiving tokens from a custom flow outside the standardlogin() method.
reset()
Clears all stored tokens, the user object, and resets theloggedIn state. Unlike logout(), reset() does not call any server endpoint and does not redirect the user.
refreshTokens()
Manually triggers the refresh token flow via the active strategy’srefreshController. This is normally called automatically by the middleware, but you can invoke it directly if needed.
check()
Runs the active strategy’scheck() method and returns a SchemeCheck object describing the current token validity. Pass true to also check for expiry.
redirect()
Redirects the user to one of the configured redirect paths. Accepts an optional route argument to use as thefrom path for rewrite logic.
setStrategy()
Resets the current strategy, stores the new strategy name, and callsmounted() on the new strategy. The returned promise resolves when the strategy is fully initialized.
registerStrategy()
Registers a custom strategy instance under a given name, making it available forsetStrategy() and loginWith(). This is used internally during module initialization but can be called from a plugin to add runtime strategies.
hasScope()
Checks whether the current user has a given scope. Looks up the property defined byoptions.scopeKey on the user object, and supports both array-based and nested object-based scope representations.
request() and requestWith()
Low-level methods for making authenticated HTTP requests via@nuxt-alt/http. requestWith() automatically reads the current token from the active strategy and attaches it to the request headers.
Event Listeners
onError()
Registers a callback that fires whenever an auth error occurs (e.g. a failed login or a refresh error). All registered listeners are called with the error and a payload describing which method triggered it.onRedirect()
Registers a callback that runs before every auth redirect. The callback receives the destination (to) and origin (from) strings and can return a modified destination to override the redirect target.
Strategy Getters
TheAuth class exposes three typed getters that all return the same active strategy instance. The difference is purely the TypeScript return type, which enables type-safe access to token and refresh-specific properties.
All three getters call the same internal
getStrategy() method and return the same object at runtime. They exist exclusively for TypeScript type narrowing. If your active strategy does not actually implement the token or refreshToken interface, accessing those properties will return undefined — always use optional chaining (?.) when in doubt.