Skip to content
This repository has been archived by the owner on Apr 23, 2019. It is now read-only.

Authorization Header not sent!! #69

Closed
mehdi-cit opened this issue Sep 22, 2017 · 2 comments
Closed

Authorization Header not sent!! #69

mehdi-cit opened this issue Sep 22, 2017 · 2 comments

Comments

@mehdi-cit
Copy link

Hello all,
I'm probably missing something trivial as I'm cannot get the Authorization header set using feathers.
On the client side, my simple code looks like the following:

const feathers = require('feathers/client');
const rest = require('feathers-rest/client');
const superagent = require('superagent');
const hooks = require('feathers-hooks');
const auth = require('feathers-authentication-client');

let client = feathers();
// NOTE: the order is important: auth must be configured _after_ rest/socket
client.configure(hooks())
        .configure(rest('http://localhost:3030').superagent(superagent))
        .configure(auth({ storage: localStorage }));
let proxyService = client.service('proxy');
proxyService.find().then(response => document.write(response));    

Basically I want to use feathersjs on the client to send the Authorization token and on the server side (using feathersjs as well) I will only allow the proxy to fetch content from my protected servers if the user is authenticated.
The problem is that even though a user is loged in, the proxy sees as unknown since there's no Authorization header that is received on the server.
I used chrome devtools and sure enough the header is missing. Using the same devtools I do see the authorization header (I use JWT) in case the browser invokes the /authorization path.
In other words, If I use the authentication on the client side by basically copying the code in the docs it all works file and I can find the Authorization header if /authentication is invoked.
If I try to use my own thing (read code above) the authorization is never sent although it's there in the LocalStorage (The JWT is in localStorage).

Thanks in advance for any guidance.

@mehdi-cit
Copy link
Author

mehdi-cit commented Sep 22, 2017

Forgot to add the code on the server:

app.use('/proxy', (req, res, next) => {
    // In here and through debugging I find that req.headers is missing the Authorization header!
   // Here I plan to connect to my other protected servers and fetch protected documents if Authrization 
   // allows it. But since Authrization is missing this would never happen !!! 
    next();
});

@daffl
Copy link
Member

daffl commented Sep 24, 2017

Two things:

  1. You always have to call app.authenticate - either with the credentials or with no parameters to try authentication with the token from localstorage
  2. Only services will be protected by default, not normal Express middleware (which is what you are using). This is what the authentication Express middleware can be used for however.

@daffl daffl closed this as completed Sep 27, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants