Skip to content

fix(nuxt): fail fast on invalid Asgardeo SSR config#534

Open
srinidhipappu wants to merge 3 commits into
asgardeo:mainfrom
srinidhipappu:nuxt/auth-integration
Open

fix(nuxt): fail fast on invalid Asgardeo SSR config#534
srinidhipappu wants to merge 3 commits into
asgardeo:mainfrom
srinidhipappu:nuxt/auth-integration

Conversation

@srinidhipappu

@srinidhipappu srinidhipappu commented Jul 7, 2026

Copy link
Copy Markdown

Purpose

Hardens server-side configuration resolution and error handling in the @asgardeo/nuxt module's SSR runtime.

Previously, missing Asgardeo runtime configuration could cause initialization to silently fail, resulting in unclear runtime errors later during authentication. This PR centralizes server configuration resolution into a dedicated helper that validates required configuration and throws an actionable error when the setup is invalid.

This improves the developer experience by surfacing configuration issues immediately while keeping the existing authentication flow and AsgardeoNodeClient behavior unchanged.

Related Issues

Related PRs

  • N/A

Implementation Details

  • Added resolveAsgardeoServerConfig(event) in packages/nuxt/src/runtime/server/utils/config.ts.

    • Resolves Asgardeo runtime configuration values.
    • Validates required fields such as baseUrl and clientId.
    • Enforces sessionSecret requirements in production environments.
    • Generates the OAuth callback redirect URI.
    • Throws a clear createError(500) response when configuration is invalid.
  • Updated packages/nuxt/src/runtime/server/plugins/asgardeo-ssr.ts.

    • Replaced duplicated configuration extraction logic with the new resolver.
    • Preserved existing session handling and SSR authentication behavior.
  • Updated packages/nuxt/src/runtime/server/AsgardeoNuxtClient.ts.

    • Updated authentication redirect handling while preserving existing client behavior.

Testing

Automated verification:

  • nx typecheck @asgardeo/nuxt
  • nx build @asgardeo/nuxt

Manual verification:

  • Created a Nuxt application using the Asgardeo Nuxt integration.
  • Configured the Asgardeo provider with the required runtime configuration.
  • Verified redirect to Asgardeo login.
  • Verified OAuth callback handling and successful authentication.
  • Verified the authenticated user session after login.

Checklist

  • Followed the CONTRIBUTING guidelines.
  • Manual test round performed and verified.
  • Documentation provided. (Not applicable for this change)
  • Unit tests provided. (Not added in this PR)
  • Changeset added.

Security checks

  • Followed secure coding standards.
  • Confirmed that this PR does not commit any keys, passwords, tokens, usernames, or other secrets.

Summary by CodeRabbit

  • Bug Fixes
    • Improved Nuxt SSR startup reliability by validating server-side auth settings earlier.
    • Missing required configuration now fails fast with a clear error instead of causing an opaque sign-in crash.
    • Production deployments now require a session secret, while non-production environments can continue with a warning.
    • Callback and redirect handling is now derived more consistently from the incoming request.

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 58ee5413-b405-4e02-b2e7-10ce95ebe08e

📥 Commits

Reviewing files that changed from the base of the PR and between 24c36b4 and ed7550e.

📒 Files selected for processing (3)
  • .changeset/asgardeo-nuxt-config-resolution.md
  • packages/nuxt/src/runtime/server/plugins/asgardeo-ssr.ts
  • packages/nuxt/src/runtime/server/utils/config.ts

📝 Walkthrough

Walkthrough

Server-side configuration resolution for the Asgardeo Nuxt SSR client is centralized into a new resolveAsgardeoServerConfig() utility that validates required fields (baseUrl, clientId) and session secret presence, throwing an H3 error on failure. The SSR plugin is refactored to use this utility instead of inline validation logic. A changeset documents the patch.

Changes

Asgardeo Nuxt SSR Config Resolution

Layer / File(s) Summary
Config resolution utility and validation
packages/nuxt/src/runtime/server/utils/config.ts
New utility resolves callback URL from request headers, validates required public config fields (baseUrl, clientId), enforces ASGARDEO_SESSION_SECRET presence (strict in production, warning otherwise), and returns an assembled AsgardeoNuxtConfig.
SSR plugin wiring and changeset
packages/nuxt/src/runtime/server/plugins/asgardeo-ssr.ts, .changeset/asgardeo-nuxt-config-resolution.md
SSR plugin removes local callback URL construction and inline validation, delegating to resolveAsgardeoServerConfig(event) with a fallback error guard; changeset documents the patch fixing silent-skip initialization failures.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Request as Incoming Request
  participant Plugin as asgardeo-ssr Plugin
  participant Config as resolveAsgardeoServerConfig
  participant Client as Asgardeo Client

  Request->>Plugin: handle request
  Plugin->>Config: resolveAsgardeoServerConfig(event)
  Config->>Config: validate baseUrl, clientId, ASGARDEO_SESSION_SECRET
  alt required fields missing or secret missing in production
    Config-->>Plugin: throw H3Error 500
    Plugin-->>Request: 500 startup failure
  else config valid
    Config-->>Plugin: resolvedConfig
    Plugin->>Client: client.initialize(resolvedConfig)
    Client-->>Plugin: initialized
  end
Loading

Suggested reviewers: DonOmalVindula

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Linked Issues check ⚠️ Warning The PR hardens SSR config, but #364 asks for an official Asgardeo @nuxt/auth provider with OIDC, token, and logout capabilities. Implement the provider capabilities from #364, or retarget the linked issue if this PR is only a prerequisite.
Out of Scope Changes check ⚠️ Warning The config-resolution hardening and changeset are not part of the linked issue's provider and OIDC feature set. Remove unrelated SSR config-hardening changes or document them as a separate prerequisite PR.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately summarizes the main change: failing fast on invalid Asgardeo SSR config.
Description check ✅ Passed The description matches the template and includes purpose, related issues, implementation, testing, checklist, and security sections.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

@nuxt/auth integration for Asgardeo

1 participant