[oAuth] User profile should be updated every time they are authenticated #124

Closed
catalinmiron opened this Issue Mar 24, 2016 · 2 comments

catalinmiron commented Mar 24, 2016

I have the following scenario.

Scenario: Auth, revoke and auth again 
    Given I authenticate using dribbble oauth
    And I receive the JWT along with accessToken
    And I can make a request to dribbble using that accessToken
    When I revoke the app from my account
    And login again
    Then I receive the same accessToken
    And the requests to dribbble return "Bad credentials"
    And I cannot use the same user again within the app

This might be related to https://github.com/feathersjs/feathers-authentication/blob/fca25f2b5b03b773975595ae9ac034199df5127b/src/services/oauth2/index.js#L42-L51 because we're not doing anything if the user exists in the db.

Solution

Probably do a patch to user/ with the new accessToken? Or maybe the whole profile, because in the meantime the user can also change his profile pic, name or email, and we're not keeping the truth in our db.

Todo

  • add an integration test following the above scenario

@ekryski ekryski added the Bug label Mar 26, 2016

@ekryski ekryski changed the title [oAuth] Always add accessToken to the user profile [oAuth] User profile should be updated every time they are authenticated Mar 26, 2016

@ekryski ekryski modified the milestone: 0.7 Mar 26, 2016

@ekryski ekryski referenced this issue Mar 30, 2016

Merged

0.7 Release #139

17 of 17 tasks complete

ekryski commented Mar 30, 2016

Manually tested. I haven't quite figured out how to write an integration test for OAuth because you need to log in to the service and authorize the application.

corymsmith commented Mar 30, 2016

I think the only way you'd want an actual integration for this is if you set up a local OAuth server and did integration tests against that vs. an actual external service.

@ekryski ekryski closed this in 72be2f8 Mar 30, 2016
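
The scenario from this issue (auth, revoke, auth again), run against an in-memory stand-in for the OAuth provider in the spirit of the local-server suggestion in the last comment. This is an added example, not code from feathers-authentication or from any participant; `FakeProvider`, `makeStore`, `loginKeepExisting`, `loginAlwaysUpdate` and `runScenario` are hypothetical names, and the profile values are constructed.

```javascript
// Constructed stand-in for an OAuth provider: tracks which tokens are still valid.
class FakeProvider {
  constructor() { this.valid = new Set(); this.counter = 0; }
  // Each completed authorization yields a fresh token plus the current profile.
  authorize(profile) {
    const accessToken = `token-${++this.counter}`;
    this.valid.add(accessToken);
    return { accessToken, profile };
  }
  // The user revokes the app: every token issued so far stops working.
  revokeAll() { this.valid.clear(); }
  api(accessToken) {
    return this.valid.has(accessToken) ? 'ok' : 'Bad credentials';
  }
}

// Hypothetical in-memory user store keyed by the provider's user id.
function makeStore() {
  const users = new Map();
  return {
    find: (id) => users.get(id),
    create: (id, data) => { users.set(id, { ...data }); return users.get(id); },
    patch: (id, data) => { Object.assign(users.get(id), data); return users.get(id); },
  };
}

// Behaviour described in the issue: an existing user is returned untouched.
function loginKeepExisting(store, { accessToken, profile }) {
  return store.find(profile.id) || store.create(profile.id, { ...profile, accessToken });
}

// Proposed behaviour: refresh token and profile on every authentication.
function loginAlwaysUpdate(store, { accessToken, profile }) {
  const data = { ...profile, accessToken };
  return store.find(profile.id) ? store.patch(profile.id, data) : store.create(profile.id, data);
}

// Runs the issue's scenario against one login handler and reports the outcome.
function runScenario(login) {
  const provider = new FakeProvider();
  const store = makeStore();
  login(store, provider.authorize({ id: 42, name: 'Old Name' }));
  provider.revokeAll();
  const user = login(store, provider.authorize({ id: 42, name: 'New Name' }));
  return { name: user.name, api: provider.api(user.accessToken) };
}

console.log(runScenario(loginKeepExisting)); // stored record is stale
console.log(runScenario(loginAlwaysUpdate)); // stored record is refreshed
```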
