TheDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/nuxt-alt/auth/llms.txt
Use this file to discover all available pages before exploring further.
local scheme is the foundational token-based strategy in @nuxt-alt/auth. It posts credentials to a login endpoint, stores the returned token in local storage or cookies, attaches it automatically to outgoing requests via a configurable header, and then fetches the authenticated user’s profile from a dedicated user endpoint. Most custom backends that issue JWTs or opaque bearer tokens are a natural fit for this scheme.
Configuration
nuxt.config.ts
Endpoints
The login endpoint. The scheme sends the user-supplied credentials to this URL and extracts the token from the response.Default:
{ url: '/api/auth/login', method: 'post' }The logout endpoint. When set to
false, no HTTP request is made on logout — the scheme only clears local state.Default: { url: '/api/auth/logout', method: 'post' }The user info endpoint. When set to
false, the scheme skips the user fetch entirely; you can call auth.setUser() manually to populate the user object.Default: { url: '/api/auth/user', method: 'get' }Token
The dot-notation path inside the login response body where the token value lives. For example,
'data.access_token' will traverse response.data.access_token.Default: 'token'The dot-notation path in the login response for the token’s lifetime in seconds. Used when
token.maxAge is false.Default: 'expires_in'The prefix prepended to the token value when setting the authorization header (e.g.
'Bearer mytoken123'). Set to false to send the raw token without a prefix.Default: 'Bearer'The HTTP request header used to carry the token.Default:
'Authorization'Override the token lifetime in seconds, ignoring any value returned by the server. When
false, the scheme reads token.expiresProperty from the login response instead.Default: falseWhen
true, the token is automatically attached to every outgoing HTTP request via the request interceptor.Default: trueWhen
true, the scheme treats the absence of a valid token as an unauthenticated state. Set to false for cookie-only flows where a token is optional.Default: trueThe key prefix used when persisting the token in storage.Default:
'_token.'The key prefix used when persisting the token expiration timestamp in storage.Default:
'_token_expiration.'User
The dot-notation path within the user endpoint response that contains the user object. Set to
false if the entire response body is the user object.Default: 'user'When
true, the scheme automatically calls the user endpoint immediately after a successful login.Default: trueAdditional Options
When set, the value is included as
client_id in the login request body. Useful for OAuth2-compatible password-grant backends.Default: undefinedWhen set, the value is included as
grant_type in the login request body. Accepts any of the standard OAuth2 grant type strings (e.g. 'password').Default: undefinedWhen set, the value is included as
scope in the login request body. May be a space-delimited string or an array of scope names.Default: undefinedWhen
true, sets baseURL to an empty string on login requests so that they are resolved relative to the server’s origin during SSR. Useful when your API and Nuxt app share the same host.Default: undefinedUsage
Login and logout in a component
Setting a token manually
If you already have a token from a server-side exchange, you can inject it directly and trigger a user fetch:Disabling Endpoints
Bothlogout and user endpoints accept false to opt out of the corresponding HTTP call:
When
endpoints.user is false, the scheme sets the user object to an empty object {} after login. Call auth.setUser(myUserData) at any point to populate it with the data you have.