Thx for posting an example. I'll take a look ASAP.

Thanks a lot ❤️

Doing some quick look I found that at >this line the variable val is undefined when the browser opens the redirect URI from the API link that was clicked from the mail client.

The expected value(that I think it is) for the val variable would be something like:

{"access-token":"dSwdgKgbenbjJ3rczRSr-w","token-type":"Bearer","client":"DLEc0lydSYxUmwwmDrKFzw","expiry":"1473789122","uid":"[email protected]"}

That would be in the key of authHeaders read from the cookies, but somehow it 's undefined(maybe because is not reading the params from the uri? ).

Actually >in this line user and headers does not exist in the object retrieved in the object called in getCurrentSettings().initialCredentials, it just has the headers values as can be seen here

Is that a bug?

Also running into this issue. It doesn't seem that clientOnly mode works because of this.

Edit: With a bit of hacking, I seem to have got this working in clientOnly mode now.

It will now try to validate the token even if initialCreds is set, whereas before it wasn't.

https://github.com/lynndylanhurley/redux-auth/blob/master/src/utils/client-settings.js#L94-L114

  let savedCreds = retrieveData(C.SAVED_CREDS_KEY);
  let initialCreds = getCurrentSettings().initialCredentials;
  if (initialCreds) {
    // skip initial headers check (i.e. check was already done server-side)
    persistData(C.SAVED_CREDS_KEY, initialCreds);
  }
  if (savedCreds || initialCreds) {
    // verify session credentials with API
    return fetch(`${getApiUrl(currentEndpointKey)}${currentEndpoint[currentEndpointKey].tokenValidationPath}`)
    .then(response => {
          if (response.status >= 200 && response.status < 300) {
            return response.json().then(({ data }) => (data));
          }
          removeData(C.SAVED_CREDS_KEY);
          return Promise.reject({reason: "No credentials."});
    });
  } else {
    return Promise.reject({reason: "No credentials."})
  }

I haven't tested this at all with SSR. I'm sure it will break things...

I believe I have the same issue... 👍 for this!

@hitchcott thanks a lot for helping out!

it breaks the code because it's not returning a Promise, since that is what it's being expected from the calling method at configure.js
Right now I'm trying to figure out how to solve this

Would it be possible to open a pull request to fix client-side only usage?

My PR breaks 24 tests.
Unfortunately I don't know how to write those tests(yet!), I'm new to ES6 and it's tools, so I'm giving my contribution here hoping it gives some light on this problem.

Thanks for the contribution @betoharres and thanks for the work on the library @lynndylanhurley. I have also been experiencing this issue in an attempt to rip out home rolled auth in favor of a community driven package.

calling configure with the following:

  return store.dispatch(configure(
    { apiUrl: 'http://localhost:3333' },
    { serverSideRendering: false, cleanSession: true, clientOnly: true }
  ))
  .then(() => ({ store: store, history: browserHistory }))

has left me with the name.replace is not a function error. Its strange, the issue is intermittent... Just hoping to draw some attention here to the issue, we are also running in "clientOnly" mode.

Hi @bbrock25 ! From what I remember this error is due browser-cookies library trying to use a variable that is undefined because of redux-auth code. Have you tried to apply the changes that are in the PR #86 ?

No, not yet, we just did an initial pass through as a research spike. if we get the go ahead to fork and work this I'll definitely use that as a guide to get started.

I've tried using #86 but am still seeing the errors, for whatever reason. We have had to disable email login in production, and are simply relying on Omniauth at the moment. Hopefully there is a fix in the near future.

Hello!
I have same problem:
clientOnly mode, but after reload app forget about user xD
I cant see where redux-auth save headers (cookies or localstorage).
May be I need use tokenValidation custom request?

Thanks for help!

Cookies are saved from ./src/utils/fetch.js, which you must use in order to do all your ajax requests to the server (the storage logic is in src/utils/session-storage.js).
Also make sure that you configure CORS properly to allow for the specific headers such as: ["token-type", "uid", "client", "access-token", "expiry"]

Hi, I'm also running into this issue the following way:

• Fill in email address on the <RequestPasswordResetForm />
• Submit the form
• Check that the password reset email is correctly received by MailCatcher
• Click on the link provided

redux-auth starts configuration and seems to be setting a few cookies:

• name defaultConfigKey, value "default" (succeeds)
• name currentConfigName, value "default" (succeeds)
• name authHeaders value undefined (fails)

I am not logged in yet.

Any ideas? Thanks in advance!

Make sure that you configure CORS properly on the server side to allow for the specific headers such as: ["token-type", "uid", "client", "access-token", "expiry"]

Faced the things described across several issues in this repo, so to sum up how to use this without server–side rendering, I can advise the following settings to provide in the configure method:

  {
    serverSideRendering: false,
    storage: 'localStorage',
    cleanSession: false,
    clientOnly: true
  }

Also thanks a lot @betoharres for your fork — but would be great to provide a build changes too (not only source) in your PR #86

@sibsfinx Thanks! You mean running npm run release and committing it?

@betoharres yes, exactly