Andy March
Hi Jeff,
The router for the example in this article is generated automatically based on the content of your /pages directory, with the SPA I’m overriding this with the router.js so that is worth checking to make sure it has the correct routes registered.
Is the URL you are refreshing just “/protected”? When returning tokens to a SPA these are often passed as URL fragments to a redirect URI which then redirects the user to the content they requested. While the content shown on the page may change if you are refreshing the browser then last request seen by the browser is repeated if this was to the “redirect URI” and the client isn’t in a state to process these elements you might get a 404.
It’s worth mentioning that the Nuxt Auth module has now addressed the issue I mentioned in the article above about including nonces in token requests. I’ll try to revisit this with a example using the standard community module but that may be worth investigating.