Skip to content
This repository has been archived by the owner on Mar 22, 2022. It is now read-only.

Using custom passport strategies #356

Closed
KidkArolis opened this issue Nov 28, 2016 · 1 comment
Closed

Using custom passport strategies #356

KidkArolis opened this issue Nov 28, 2016 · 1 comment

Comments

@KidkArolis
Copy link

Hi, still reading through the docs and code, but struggling to make sense of it so far...

All I want is a user object populated in my middleware and all services where I use this strategy https://github.com/ripjar/passport-trusted-header to create my user object. First thing I'm stuck with is that in passport docs they do passport.use(), but that's not available in feathers-authentication.

I'm also confused whether I need all/any of these:

  • app.service('authentication').hooks({
  • app.service('users').hooks({
  • auth.express.authenticate('local'
  • let config = app.get('auth'); config.facebook.strategy = FacebookStrategy; app.configure(authentication(config))

In particular, I find these 2 snippets in the README quite confusing:

app.service('authentication').hooks({
  before: {
    create: [
      // You can chain multiple strategies
      auth.hooks.authenticate(['jwt', 'local'])
    ],
    remove: [
      auth.hooks.authenticate('jwt')
    ]
  }
});

// Add a hook to the user service that automatically replaces
// the password with a hash of the password before saving it.
app.service('users').hooks({
  before: {
    find: [
      auth.hooks.authenticate('jwt')
    ],
    create: [
      local.hooks.hashPassword({ passwordField: 'password' })
    ]
  }
});
  • Does the first one mean - "make sure user is authenticated before... someone calls authentication.create"?
  • Or does feathers call authentication.create and this says "use jwt strategy"?
  • But then when would I pass "jwt" to this before hook and when would I pass it to express.auth.authenticate("jwt")
  • Is the fact that you show "jwt", "local" in create, but only "jwt" in the remove a demo of the feature or a recommended way of setting it up? Is this an example of some specific use case?
  • When do I need and not need to set these users/authentication hooks?
  • Do I ever need to manually use the services("authentication")?

I'm just hoping that these questions will ... shed some light on which bits confuse me so you guys can clarify ;) ✌️ Or maybe it's just me!

(I'm using feathers-authentication@next).

@KidkArolis
Copy link
Author

Ok, I think I got it:

...
const auth = require('feathers-authentication')
const passportTrustedHeader = require('passport-trusted-header')

const app = feathers()

app
  ...
  .configure(auth({ secret: '-' }))
  .use(auth.express.authenticate('trusted-header'))

app.passport.use(new passportTrustedHeader.Strategy({ headers: ['x-user-id'] }, function (requestHeaders, done) {
  var userId = requestHeaders['x-user-id']
  var user = { id: userId }
  done(null, user)
}))

With this I get req.user and hooks.params.user, which is all I wanted.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant