Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auth wip dont merge #59

Closed
wants to merge 3 commits into from
Closed

auth wip dont merge #59

wants to merge 3 commits into from

Conversation

steveklabnik
Copy link
Contributor

shamanime
shamanime reviewed Jul 18, 2015
View changes
src/index.js

app.use(passport.initialize());

app.use(cors());
app.use('*', cors());
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My API uses koa, so I use koa-cors, might be something like this:

app.use('*', cors({
  origin: '*',
  allowedHeaders: ['Authorization', 'Content-Type'],
  methods: ['PUT', 'POST', 'PATCH', 'DELETE', 'GET', 'HEAD']
}));

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

still yields

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:8080/sessions. This can be fixed by moving the resource to the same domain or enabling CORS.

for me :/

@tdantas
Copy link

tdantas commented Jul 18, 2015

@steveklabnik let's create a endpoint just to issue a brand new JWT token to the frontend.

var JWT = require('jsonwebtoken'); //  npm install jsonwebtoken --save
app.post('/signup', function(request, response) {
   var token = JWT.sign({ YOUR CLAIMS HERE }, SECRET );
   response.json({ token: token });
});

@tdantas
Copy link

tdantas commented Jul 18, 2015

@steveklabnik I will fork the api project and try to help you !
give me time ( 20 - 30 min ) to setup and make it works on my machine.

@steveklabnik
Copy link
Contributor Author

ahh thanks! <3 Let me push this commit up with what you told me about

@tdantas
Copy link

tdantas commented Jul 18, 2015

great. let me know if work or not !

I don't know what the ember is expecting as response.
{ token: token } ?

@steveklabnik
Copy link
Contributor Author

it's not entirely clear to me either to be honest :/ I'm just trying to do the absolute simplest possible thing to make auth work between the two

i'm gonna go get some coffee, but maybe ping me on irc too? and no worries if you just give up here

@tdantas
Copy link

tdantas commented Jul 18, 2015

I will setup my machine and ping you when I figure it out.

@tdantas
Copy link

tdantas commented Jul 18, 2015

@steveklabnik
this line says that every route after me must be authenticated.
so the signup endpoint
will never be reached.

let's change the orders between signup and passport

@tdantas
Copy link

tdantas commented Jul 18, 2015

@steveklabnik
just fixed using this gist ( https://gist.github.com/tdantas/b51ccb74b4aa9475a993 ) and the result
https://cloudup.com/c955lI2hF8z

@steveklabnik
Copy link
Contributor Author

ahhh awesome thank you! I will try to see if i can get ember to play nice now. that makes perfect sense ❤️ ❤️ ❤️ ❤️ ❤️

@tdantas
Copy link

tdantas commented Jul 18, 2015

👍 amazing @steveklabnik let me know if you need anything else ! <3

@tdantas
Copy link

tdantas commented Jul 18, 2015

Just pushed to my fork. 👍

@tdantas
Copy link

tdantas commented Jul 18, 2015

@steveklabnik jwtStrategy will validate the issuer and audience.
so , you must issue a new JWT token on 'signup' with the same issuer and audience.

On my fork, I just removed ( issuer and audience) to make it simpler. make sense ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@steveklabnik @tdantas @shamanime