Problem authenticating using REST middleware #495
@kokujin did you include feathers authentication? `app.configure(authentication(config));` You need to have done that before your route is called (and also potentially registered).
Actually, I did @ekryski, more details
And in app.js, I import the routes for use
What if you switch app.post/app.get with
Any help with this would really be appreciated. Just to make things clear,
What does not work properly is protecting custom routes with the auth.express.authenticate middleware. The routes are locked but I cannot access them using a valid token issued from the same server. Thanks
What @kokujin just described is what I am experiencing in #469 currently. In the next day or two I might have a minimal example that hopefully shows how to get the
I used Steps to repro what I have:
At this point do an

Now if we add routes like so...
With appropriate pages in the
We can now navigate to

This happens for both 1.2.0 and 1.2.3 of

Round two - what if we need to enable cookies for this to work? We shouldn't because the server should set the header and pass it to the redirect route, but if that solves it I'm down... trying that next... -> 'cookie' property in the authentication config doesn't make a difference. Nor does session.
Any news on this?
@kokujin Are you still getting the same error?
Because I don't get that error. My users just don't get authenticated. This is what my
And in
Same here @snewell92, the
is gone, but no authentication is taking place.
@kokujin Okay I've got this working but I've added sessions ( I require in
And then my post login route has this function
And then to enforce this authentication on routes I use two middlewares
As it stands, this is a decent workaround that gets the desired behavior without too much hassle, and even works with existing middleware for authentication. The documentation for feathers seems to suggest there is a configuration to set up sessions, but maybe that has been deprecated(?) - either way I think this issue can be closed. If there is indeed an issue with the documentation another issue should address that. OR it's also possible that both of our configs were just wrong. 🤷‍♂️
@snewell92, thanks for your persistence to solve this issue. I would rather not use sessions and cookies, we have the JWT for that. I hope somebody has a good solution to this problem.
@kokujin check this out. Seemed to work for him. It's probably a slightly different use case than ours, but it seems to pull the jwt token out from the cookie without needing to manage session ourselves. I'll probably go back and try
Hey @kokujin are you still having this issue? I've managed to get a token back, put it in localStorage, and I have been having success with the
Hey sorry guys.
Yeah we usually use the feathers client on the login page. As part of Auth 2.0, we're going to move to defaulting to putting the access token in the URL when you are redirecting instead of a cookie. Lots of people having trouble/confusion with cookies.

In order to do any sort of redirecting after you authenticate you currently need to use cookies to pass the JWT access token to the client. If you are using the feathers client in the app you are redirecting to (i.e. redirecting to a client side app on a sub-domain), you can simply call

If you are not using JavaScript to talk to your backend via REST or Websockets, then you are likely doing some sort of SSR setup or just regular form posts. In order to handle that you need to use cookies server side and you need to add a custom cookie extractor to the

We generally discourage this method because we feel that you should be decoupling your API from your view layer and using cookies exposes you to potential CSRF vulnerabilities. So if you need to do this method you want to make sure you are setting your cookies to

In the next major auth version we're going to be setting the token in the URL when doing redirects by default. This should alleviate the need for cookies for most people and will hopefully make all this much easier for people as there will be fewer moving parts.
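An added example, not part of the thread and not Feathers code: a sketch of the kind of cookie extractor the comment above describes, for server-rendered pages where the JWT arrives in a cookie instead of an `Authorization` header. The cookie name `feathers-jwt`, the function names and the sample token are assumptions; the function only locates the token, and signature verification stays with the JWT authentication middleware.

```javascript
// Added example: not code from this thread or from the Feathers project.
// A compact JWT is three base64url segments separated by dots.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Parse a raw Cookie header into a name -> value map (first occurrence wins).
function parseCookies(header) {
  const jar = Object.create(null); // no prototype, so "__proto__" is just a key
  for (const part of String(header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue; // no "=" or empty name
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    if (value.startsWith('"') && value.endsWith('"')) value = value.slice(1, -1);
    try {
      value = decodeURIComponent(value);
    } catch (e) {
      continue; // malformed percent-encoding: ignore this cookie
    }
    if (name && !(name in jar)) jar[name] = value;
  }
  return jar;
}

// Build an extractor of the form (req) => token | null.
// cookieName is an assumption; use whatever name the server sets.
function cookieOrHeaderExtractor(cookieName) {
  return function extract(req) {
    const headers = (req && req.headers) || {};
    const auth = headers.authorization;
    if (typeof auth === 'string' && auth.trim() !== '') {
      // An explicit header wins; if it is malformed, do not fall back to
      // the cookie, so a request cannot silently switch credentials.
      const m = /^(?:Bearer\s+)?(\S+)$/i.exec(auth.trim());
      return m && JWT_SHAPE.test(m[1]) ? m[1] : null;
    }
    const token = parseCookies(headers.cookie)[cookieName];
    return typeof token === 'string' && JWT_SHAPE.test(token) ? token : null;
  };
}

// Constructed sample token (the signature segment is a dummy value).
const SAMPLE_TOKEN = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2lnbmF0dXJl';
const extractToken = cookieOrHeaderExtractor('feathers-jwt');
```

Because the browser attaches the cookie to every request for the site, routes that accept the token this way are the ones exposed to the CSRF concern raised in the comment; routes that accept only the header are not.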
There is a recipe showing how to use Feathers authentication with Express middleware (including server side rendering) at https://docs.feathersjs.com/guides/auth/recipe.express-middleware.html
I am trying to authenticate and redirect using REST and not any of the clients using this snippet
This fails however with an error
What would be the proper way to do this? thanks