Remove implicit anonymous auth #392
Comments
|
Didn't we already have a discussion about this? A warning would be good. As discussed before, it's pretty hard to truly enforce it without reducing flexibility. I've been thinking more about it and it really should just be a |
|
I don't remember discussing this specifically. A warning works fine. Anything to make it more obvious for those who don't want it. |
|
The discussion was about setting up the You're right, I don't understand what allowing anonymous JWT tokens by default allows us to do (other than being confusing). What we were suggesting is
|
|
I think this is the single biggest issue with auth, now. We need to come up with a solution. |
|
I was confused too at beginning to see anonymous JWT generated without strategies, i agree with @daffl |
|
I love feathers but this particular issue has caused a lot of heartbreak. |
|
Sorry for the pain, @cranesandcaff. |
|
Thanks for the swift response @marshallswain I know this isn't the proper forum for this, but I'm trying the local authentication and I keep getting a 400 missing credentials but my custom verifier is never run. |
|
@cranesandcaff PM me in Slack. |
|
This has been done in Feathers v4 authentication. Please see the migration guide for more information. Closing this issue in order to archive this repository. Related issues can be opened at the new code location in the Feathers main repository. |
Right now if you don't register a strategy with the the
authenticate(['strategy-name'])hook, it still creates a token. I think this is confusing for everybody. It ends up not being very useful, because you can't use it along with a strategy. You have to explicitly register ananonymousauth strategy. I think we should instead throw an error that tells people they need to use the authenticate hook to register a strategy.cc @feathersjs/core-team
The text was updated successfully, but these errors were encountered: