Published: September 21 2018

Vue.js - Basic HTTP Authentication Tutorial & Example

Tutorial built with Vue.js 2.5.17 and Webpack 4.15

Other versions available:

The following is a custom example and tutorial on how to setup a simple login page using Vue.js and Basic HTTP Authentication. Webpack 4 is used to compile and bundle all the project files, styling of the example is done with Bootstrap 4.

The tutorial code is available on GitHub at

Here it is in action: (See on CodeSandbox at

Running the Vue.js Basic Authentication Tutorial Example Locally

The tutorial example uses Webpack 4 to transpile the ES6 code and bundle the Vue components together, and the webpack dev server is used as the local web server, to learn more about webpack you can check out the webpack docs.

  1. Install NodeJS and NPM from
  2. Download or clone the tutorial project source code from
  3. Install all required npm packages by running npm install from the command line in the project root folder (where the package.json is located).
  4. Start the application by running npm start from the command line in the project root folder.

For more info on setting up a Vue.js development environment see Vue - Setup Development Environment.

Running the Vue.js Basic Auth Example with a Real Backend API

The Vue.js example app uses a fake / mock backend by default so it can run in the browser without a real api, to switch to a real backend api you just have to remove a couple of lines of code from the main vue entry file /src/index.js below the comment // setup fake backend.

You can build your own backend api or start with one of the below options:

Vue.js Tutorial Project Structure

All source code for the Vue.js basic HTTP authentication app is located in the /src folder. Inside the src folder there is a folder per feature (app, home, login) and a couple of folders for non-feature code that can be shared across different parts of the app (_services, _helpers).

I prefixed non-feature folders with an underscore "_" to group them together and make it easy to distinguish between features and non-features, it also keeps the project folder structure shallow so it's quick to see everything at a glance from the top level and to navigate around the project.

Click any of the below links to jump down to a description of each file in the tutorial along with it's code:


Vue.js Tutorial Helpers Folder

Path: /src/_helpers

The helpers folder contains all the bits and pieces that don't fit into other folders but don't justify having a folder of their own.


Vue.js Tutorial Auth Header

Path: /src/_helpers/auth-header.js

Auth header is a helper function that returns an HTTP Authorization header containing the basic authentication credentials (base64 username and password) of the currently logged in user from local storage. If the user isn't logged in an empty object is returned.

The auth header is used to make authenticated HTTP requests to the server api using basic HTTP authentication.

export function authHeader() {
    // return authorization header with basic auth credentials
    let user = JSON.parse(localStorage.getItem('user'));

    if (user && user.authdata) {
        return { 'Authorization': 'Basic ' + user.authdata };
    } else {
        return {};

Vue.js Tutorial Fake / Mock Backend

Path: /src/_helpers/fake-backend.ts

The fake backend is used for running the tutorial example without a server api (backend-less). It monkey patches the fetch() function to intercept certain api requests and mimic the behaviour of a real api. Any requests that aren't intercepted get passed through to the real fetch() function that's built into the browser.

I created it so I could focus the tutorial on the Vue.js code and not worry about the backend, and also to make it work on CodeSandbox.

export function configureFakeBackend() {
    let users = [{ id: 1, username: 'test', password: 'test', firstName: 'Test', lastName: 'User' }];
    let realFetch = window.fetch;
    window.fetch = function (url, opts) {
        return new Promise((resolve, reject) => {
            // wrap in timeout to simulate server api call
            setTimeout(() => {

                // authenticate
                if (url.endsWith('/users/authenticate') && opts.method === 'POST') {
                    // get parameters from post request
                    let params = JSON.parse(opts.body);

                    // find if any user matches login credentials
                    let filteredUsers = users.filter(user => {
                        return user.username === params.username && user.password === params.password;

                    if (filteredUsers.length) {
                        // if login details are valid return user details
                        let user = filteredUsers[0];
                        let responseJson = {
                            username: user.username,
                            firstName: user.firstName,
                            lastName: user.lastName
                        resolve({ ok: true, text: () => Promise.resolve(JSON.stringify(responseJson)) });
                    } else {
                        // else return error
                        reject('Username or password is incorrect');


                // get users
                if (url.endsWith('/users') && opts.method === 'GET') {
                    // check for fake auth token in header and return users if valid, this security 
                    // is implemented server side in a real application
                    if (opts.headers && opts.headers.Authorization === `Basic ${window.btoa('test:test')}`) {
                        resolve({ ok: true, text: () => Promise.resolve(JSON.stringify(users)) });
                    } else {
                        // return 401 not authorised if token is null or invalid


                // pass through any requests not handled above
                realFetch(url, opts).then(response => resolve(response));

            }, 500);

Vue.js Tutorial Router

Path: /src/_helpers/router.js

The vue router defines all of the routes for the application, and contains a function that runs before each route change to prevent unauthenticated users from accessing restricted routes.

import Vue from 'vue';
import Router from 'vue-router';

import HomePage from '../home/HomePage'
import LoginPage from '../login/LoginPage'


export const router = new Router({
  mode: 'history',
  routes: [
    { path: '/', component: HomePage },
    { path: '/login', component: LoginPage },

    // otherwise redirect to home
    { path: '*', redirect: '/' }

router.beforeEach((to, from, next) => {
  // redirect to login page if not logged in and trying to access a restricted page
  const publicPages = ['/login'];
  const authRequired = !publicPages.includes(to.path);
  const loggedIn = localStorage.getItem('user');

  if (authRequired && !loggedIn) {
    return next({ 
      path: '/login', 
      query: { returnUrl: to.path } 


Vue.js Tutorial Helpers Index

Path: /src/_helpers/index.js

The helpers index file groups all helper exports together so they can be imported in other parts of the app using only the folder path, and enables importing multiple helpers in a single statement (e.g. import { helper1, helper2, ... } from '../_helpers').

export * from './fake-backend';
export * from './router';
export * from './auth-header';

Vue.js Tutorial Services Folder

Path: /src/_services

The services layer handles all http communication with backend apis for the application, each service encapsulates the api calls for a content type (e.g. users) and exposes methods for performing various operations (e.g. CRUD operations). Services can also have methods that don't wrap http calls, for example the userService.logout() method just removes the user object from local storage.

I like wrapping http calls and implementation details in a services layer, it provides a clean separation of concerns and simplifies the vue components that use the services.


Vue.js Tutorial User Service

Path: /src/_services/user.service.js

The user service encapsulates all backend api calls for performing CRUD operations on user data, as well as logging and out of the example application. The service methods are exported via the userService object at the top of the file, and the implementation of each method is located in the functions below.

In the handleResponse method the service checks if the http response from the api is 401 Unauthorized and automatically logs the user out. This handles if the basic authentication credentials are invalid.

import config from 'config';
import { authHeader } from '../_helpers';

export const userService = {

function login(username, password) {
    const requestOptions = {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ username, password })

    return fetch(`${config.apiUrl}/users/authenticate`, requestOptions)
        .then(user => {
            // login successful if there's a user in the response
            if (user) {
                // store user details and basic auth credentials in local storage 
                // to keep user logged in between page refreshes
                user.authdata = window.btoa(username + ':' + password);
                localStorage.setItem('user', JSON.stringify(user));

            return user;

function logout() {
    // remove user from local storage to log user out

function getAll() {
    const requestOptions = {
        method: 'GET',
        headers: authHeader()

    return fetch(`${config.apiUrl}/users`, requestOptions).then(handleResponse);

function handleResponse(response) {
    return response.text().then(text => {
        const data = text && JSON.parse(text);
        if (!response.ok) {
            if (response.status === 401) {
                // auto logout if 401 response returned from api

            const error = (data && data.message) || response.statusText;
            return Promise.reject(error);

        return data;

Vue.js Tutorial Services Index

Path: /src/_services/index.js

The services index file groups all service exports together so they can be imported in other parts of the app using only the folder path, and enables importing multiple services in a single statement (e.g. import { service1, service2, ... } from '../_services').

export * from './user.service';

Vue.js Tutorial App Feature Folder

Path: /src/app

The app folder is for vue components and other code that is used only by the app component in the tutorial application.


Vue.js Tutorial App Component

Path: /src/app/App.vue

The app component is the root component for the vue.js tutorial application, it contains the outer html and router-view for the tutorial app.

export * from './user.service';
    <div class="jumbotron">
        <div class="container">
            <div class="row">
                <div class="col-sm-6 offset-sm-3">

export default {
    name: 'app'

Vue.js Tutorial Home Feature Folder

Path: /src/home

The home folder is for vue components and other code that is used only by the home page component in the tutorial application.


Vue.js Tutorial Home Page Component

Path: /src/home/HomePage.vue

The home page component is displayed after signing in to the application, it shows the signed in user's name plus a list of all users in the tutorial app. The users are fetched from the api by calling userService.getAll() inside the created() vue component lifecycle hook.

        <h1>Hi {{user.firstName}}!</h1>
        <p>You're logged in with Vue.js & Basic HTTP Authentication!!</p>
        <h3>Users from secure api end point:</h3>
        <em v-if="users.loading">Loading users...</em>
        <ul v-if="users.length">
            <li v-for="user in users" :key="">
                {{user.firstName + ' ' + user.lastName}}
            <router-link to="/login">Logout</router-link>

import { userService } from '../_services';

export default {
    data () {
        return {
            user: {},
            users: []
    created () {
        this.user = JSON.parse(localStorage.getItem('user'));
        this.users.loading = true;
        userService.getAll().then(users => this.users = users);

Vue.js Tutorial Login Feature Folder

Path: /src/login

The login folder is for vue components and other code that is used only by the login page component in the tutorial application.


Vue.js Tutorial Login Page Component

Path: /src/login/LoginPage.vue

The login page component renders a login form with username and password fields. It displays validation messages for invalid fields when the user attempts to submit the form. If the form is valid the userService.login(username, password) method is called.

In the created() function the userService.logout(); method is called which logs the user out if they're logged in, this enables the login page to also be used as the logout page.

        <div class="alert alert-info">
            Username: test<br />
            Password: test
        <form @submit.prevent="handleSubmit">
            <div class="form-group">
                <label for="username">Username</label>
                <input type="text" v-model="username" name="username" class="form-control" :class="{ 'is-invalid': submitted && !username }" />
                <div v-show="submitted && !username" class="invalid-feedback">Username is required</div>
            <div class="form-group">
                <label htmlFor="password">Password</label>
                <input type="password" v-model="password" name="password" class="form-control" :class="{ 'is-invalid': submitted && !password }" />
                <div v-show="submitted && !password" class="invalid-feedback">Password is required</div>
            <div class="form-group">
                <button class="btn btn-primary" :disabled="loading">Login</button>
            <div v-if="error" class="alert alert-danger">{{error}}</div>

import { router } from '../_helpers';
import { userService } from '../_services';

export default {
    data () {
        return {
            username: '',
            password: '',
            submitted: false,
            loading: false,
            returnUrl: '',
            error: ''
    created () {
        // reset login status

        // get return url from route parameters or default to '/'
        this.returnUrl = this.$route.query.returnUrl || '/';
    methods: {
        handleSubmit (e) {
            this.submitted = true;
            const { username, password } = this;

            // stop here if form is invalid
            if (!(username && password)) {

            this.loading = true;
            userService.login(username, password)
                    user => router.push(this.returnUrl),
                    error => {
                        this.error = error;
                        this.loading = false;

Vue.js Tutorial Main Index HTML

Path: /src/index.html

The main index html file contains the outer html for the whole tutorial application. When the app is started with npm start, Webpack bundles up all of the vue.js code into a single javascript file and injects it into the body of the page.

<!DOCTYPE html>
<html lang="en">
    <meta charset="UTF-8">
    <title>Vue.js - Basic HTTP Authentication Example & Tutorial</title>
    <link href="//" rel="stylesheet" />
        a { cursor: pointer; }
    <div id="app"></div>

Vue.js Tutorial App Entrypoint

Path: /src/index.js

The root index.js file bootstraps the vue.js tutorial application by rendering the App component into the #app div element defined in the main index html file above.

The tutorial app uses a fake / mock backend that stores data in browser local storage, to switch to a real backend api simply remove the fake backend code below the comment // setup fake backend.

import Vue from 'vue';

import { router } from './_helpers';
import App from './app/App';

// setup fake backend
import { configureFakeBackend } from './_helpers';

new Vue({
    el: '#app',
    render: h => h(App)

Vue.js Tutorial Babel RC (Run Commands)

Path: /.babelrc

The babel config file defines the presets used by babel to transpile the ES6 code. The babel transpiler is run by webpack via the babel-loader module configured in the webpack.config.js file below.

  "presets": [

Vue.js Tutorial Package.json

Path: /package.json

The package.json file contains project configuration information including package dependencies which get installed when you run npm install. Full documentation is available on the npm docs website.

  "name": "vue-basic-authentication-example",
  "version": "1.0.0",
  "repository": {
    "type": "git",
    "url": ""
  "license": "MIT",
  "scripts": {
    "start": "webpack-dev-server --open"
  "dependencies": {
    "vue": "^2.5.16",
    "vue-router": "^3.0.1"
  "devDependencies": {
    "babel-core": "^6.26.0",
    "babel-loader": "^7.1.5",
    "babel-preset-env": "^1.6.1",
    "babel-preset-stage-0": "^6.24.1",
    "babel-preset-vue": "^2.0.2",
    "css-loader": "^0.28.11",
    "html-webpack-plugin": "^3.2.0",
    "path": "^0.12.7",
    "vue-loader": "^14.2.3",
    "vue-template-compiler": "^2.5.16",
    "webpack": "^4.15.0",
    "webpack-cli": "^3.0.8",
    "webpack-dev-server": "^3.1.3"

Vue.js Tutorial Webpack Config

Path: /webpack.config.js

Webpack is used to compile and bundle all the project files so they're ready to be loaded into a browser, it does this with the help of loaders and plugins that are configured in the webpack.config.js file. For more info about webpack check out the webpack docs.

The webpack config file also defines a global config object for the application using the externals property, you can also use this to define different config variables for your development and production environments.

var path = require('path');
var HtmlWebpackPlugin = require('html-webpack-plugin');

module.exports = {
    mode: 'development',
    resolve: {
        extensions: ['.js', '.vue']
    module: {
        rules: [
                test: /\.vue?$/,
                exclude: /(node_modules)/,
                use: 'vue-loader'
                test: /\.js?$/,
                exclude: /(node_modules)/,
                use: 'babel-loader'
    plugins: [new HtmlWebpackPlugin({
        template: './src/index.html'
    devServer: {
        historyApiFallback: true
    externals: {
        // global app config object
        config: JSON.stringify({
            apiUrl: 'http://localhost:4000'


Need Some Vue Help?

Search fiverr for freelance Vue developers.

Follow me for updates

On Twitter or RSS.

When I'm not coding...

Me and Tina are on a motorcycle adventure around Australia.
Come along for the ride!


Supported by