cookieDomain doesn't work #983

Open
Tomus45 opened this issue Jan 15, 2025 · 7 comments
Labels
question A question about NuxtAuth


Tomus45 commented Jan 15, 2025

Environment

Reproduction

I connect to my account on the site by contacting my API, which is on a different domain than my site and which returns a token to me; the token is then stored in a cookie.

Describe the bug

No matter what I put in the cookieDomain parameter for the token, it doesn't change anything: the domain of my cookie is always that of my site, while I want it to be that of my API.

Additional context

Here is my nuxt config:

  auth: {
    baseURL: `${process.env.API_URL}/gestionConnexion`,
    session: {
      enableRefreshPeriodically: false,
      enableRefreshOnWindowFocus: false,
    },
    globalAppMiddleware: {
      isEnabled: false,
      allow404WithoutAuth: true,
      addDefaultCallbackUrl: false,
    },
    provider: {
      type: "local",
      endpoints: {
        signIn: { path: "login", method: "post" },
        signUp: { path: "register", method: "post" },
        getSession: { path: "user", method: "get" },
      },
      token: {
        signInResponseTokenPointer: "/token/accessToken",
        type: "Bearer",
        cookieName: "auth.token",
        headerName: "Authorization",
        maxAgeInSeconds: 10800,
        sameSiteAttribute: 'lax',
        cookieDomain: 'api.example.com',
        secureCookieAttribute: false,
        httpOnlyCookieAttribute: false,
        signUpResponseTokenPointer: "/token/accessToken",
        getSessionResponseTokenPointer: "/token/accessToken",
      },
      sessionDataType: {
        id: "string",
        email: "string",
        pseudo: "string",
        role: "'admin' | 'account'",
      },
    },
  },

Logs

No response

@Tomus45 Tomus45 added bug A bug that needs to be resolved pending An issue waiting for triage labels Jan 15, 2025
@phoenix-ru
Collaborator

I noticed you use @sidebase/[email protected], could you please retry on the latest version 0.10.0 or the previous version 0.9.4? Old versions will not be supported.

@phoenix-ru phoenix-ru added question A question about NuxtAuth and removed bug A bug that needs to be resolved pending An issue waiting for triage labels Jan 16, 2025
@Tomus45
Author

Tomus45 commented Jan 16, 2025

Sure, I've tested on the latest version and it's the same problem.

@phoenix-ru
Collaborator

> that of my site while I want it to be that of my api.

I doubt you can set a cookie for an external domain from the browser perspective. I would advise you to do some research on whether you can achieve that with pure JS (i.e. without using nuxt-auth) and provide an example if you can. Afaik, it's not possible and you need to set a cookie on your backend and let the browser itself save that.

@Tomus45
Author

Tomus45 commented Jan 16, 2025

My API is a subdomain of my site. I tested by changing the domain of my cookie manually with the browser tool to put that of my API, and it works. But I don't understand why, no matter what I put in the cookieDomain parameter, it does not change the domain when I look at my cookie with the browser tool. What is the point of this setting? It's the same for the cookieName.

@phoenix-ru
Collaborator

phoenix-ru commented Jan 16, 2025

Does changing cookieName work for you?

We utilize Nuxt's useCookie composable under the hood, so you can refer to the documentation here

By default, no domain is set, and most clients will consider applying the cookie only to the current domain.

Docs
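
The browser rule discussed in the comment above, as an added example that is not part of the thread or of nuxt-auth: a simplified model of the RFC 6265 checks a browser applies to the cookie `Domain` attribute when storing and sending a cookie. The hosts `example.com` (site) and `api.example.com` (API) and all function names are assumptions for illustration.

```javascript
// Added example: models the RFC 6265 storage and send rules for the Domain
// attribute. Public-suffix checks and IP-address hosts are not modelled.

// RFC 6265 section 5.1.3: host domain-matches domain if they are identical
// or host ends with "." + domain.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Storage step (section 5.3): returns the stored cookie scope, or null when
// the browser ignores the cookie because the setting host is out of scope.
function storeCookie(settingHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie bound to the exact setting host.
    return { domain: settingHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  if (!domainMatches(settingHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Send step (section 5.4): is the stored cookie attached to this request host?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatches(requestHost, cookie.domain);
}

// Constructed scenario: the cookie is set by a page on example.com.
function scenarios() {
  const site = "example.com";
  const api = "api.example.com";
  return [undefined, "api.example.com", "example.com"].map((attr) => {
    const cookie = storeCookie(site, attr);
    return {
      domainAttr: attr ?? "(none)",
      stored: cookie !== null,
      sentToSite: isSentTo(cookie, site),
      sentToApi: isSentTo(cookie, api),
    };
  });
}

console.table(scenarios());
```

A cookie scoped with `Domain=example.com` is sent to every subdomain of `example.com`, so a token stored that way is exposed to all of them, not only the API.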

@Tomus45
Author

Tomus45 commented Jan 16, 2025

I have the default value, name: auth:token, but I also can't change that.

@phoenix-ru
Collaborator

auth:token is the old name, we changed it to auth.token in 0.7.0. Please make sure you use a new version, as what you're describing looks very much like 0.6.7.
