local auth should not redirect by default #89
Comments
@Harangue Yes I agree. I assume you are using local authentication without Ajax or sockets in this case? The redirect was initially introduced for OAuth but I think is also included for local auth when not using ajax. I could see how that would cause issues with CORS. Do you mind posting a gist or some sample code highlighting the issue so that I have a better understanding of how you are sending data for auth?
@ekryski I'm using the
I get a successful request (with cookies set), but it's a redirect to
Problematically, when I change the
@Harangue Yup got it. Thanks for posting that! It really shouldn't behave that way. I'll probably just remove the redirect altogether from local auth (it's not really needed) or at the very least make it optional. IMO I made a mistake adding it there. The redirect really is only needed for OAuth (and potentially form posts), if you needed to redirect and are auth'ing over ajax or sockets then you can do that on the client.
Awesome! Should I just switch to websocket authentication in the meantime?
Oh - this is important. Just upgraded to 0.4.0 and feathers-localstorage won't work either because
Should I open a separate issue?
@Harangue Nope this one is fine. I'm going to be working in feathers-auth all day today so I should be able to get a bunch of stuff closed.
@ekryski Scratch that last one. Made a mistake in my config. :)
👍
@ekryski I'll just keep adding things as I run into them here, if that's cool. :)
I don't think it should assume you're authenticated. The natural thing for me to try was using
@ekryski Pretty sure
@Harangue you are correct. I thought I had committed that fix while working on the RN app.
@ekryski Another issue I encountered - the documentation claims that you can set
I can start trying to submit PRs for some of these, if you don't have the time. I might make mistakes though, so let me know.
+1 for supporting
With the current version,

```javascript
jQuery.ajax({
  url: "http://api.dev:8080/login",
  type: "POST",
  headers: {
    "Accept": "application/json",
    "Content-Type": "application/json",
  },
  contentType: "application/json",
  data: JSON.stringify({
    "email": "[email protected]",
    "password": "password"
  })
})
```
I have the same issue. I think we only need to disable redirection for local auth, because if we want to use both local auth and facebook/github/.. we still need
I think @ArnaudValensi is right. I started looking at this today. Rather than disable for local auth altogether, I think the best option is to allow people to specify which auth providers they want to use a redirect for success and failure. The reason being that if you are doing a form post for local auth then it should redirect to your own route.
Currently one can set `successRedirect` or `failureRedirect` but not a null value for either. This is an issue when you are relying on CORS, because browsers do not permit a redirect after a pre-flight `options` request, which many frameworks depend on.
There should be an option to disable redirects and instead just send back a general success response. I've hacked it together for my project, but should be standardized (and documented) IMO. I would submit a PR, but I'm not exactly sure what the response should be.
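
A sketch of the per-provider redirect option discussed in this thread, added here as an example and not code from feathers-authentication or from any commenter. The function names, the config shape, the redirect paths and the `Accept`-header fallback are all assumptions made for illustration.

```javascript
// Added illustration. DEFAULTS, pick, wantsJson and sendAuthResult are
// hypothetical names, not the feathers-authentication API.
// Constructed default paths, not the library's real defaults.
const DEFAULTS = { successRedirect: '/example/success', failureRedirect: '/example/failure' };

// First source that defines the key wins. An explicit null counts as defined,
// so it disables the redirect instead of falling through to the default.
function pick(key, ...sources) {
  for (const source of sources) {
    if (source && source[key] !== undefined) return source[key];
  }
  return null;
}

// Assumption: Ajax clients, like the jQuery call in this thread, send
// "Accept: application/json" and expect a body rather than a 302.
function wantsJson(req) {
  const accept = String(req.headers.accept || '').toLowerCase();
  return accept.includes('application/json');
}

// Finish an auth attempt on a Node-style (req, res) pair.
function sendAuthResult(req, res, config, provider, result) {
  const key = result.ok ? 'successRedirect' : 'failureRedirect';
  const target = pick(key, (config.providers || {})[provider], config, DEFAULTS);
  if (target === null || wantsJson(req)) {
    res.statusCode = result.ok ? 200 : 401;
    res.setHeader('Content-Type', 'application/json');
    // One generic body for every failure, so the response does not reveal
    // whether the e-mail or the password was wrong.
    res.end(JSON.stringify(result.ok ? { token: result.token } : { error: 'Authentication failed' }));
    return;
  }
  res.statusCode = 302;
  res.setHeader('Location', target);
  res.end();
}

// Constructed configuration: local auth answers in JSON, OAuth keeps redirects.
const exampleConfig = {
  providers: {
    local: { successRedirect: null, failureRedirect: null },
    github: { successRedirect: '/dashboard' }
  }
};
```

With `exampleConfig`, a form post to the `local` provider gets a 200 or 401 JSON body, while a browser returning from the `github` provider is still redirected.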