Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication without password #246

Closed
gonzalomass opened this Issue Jul 20, 2016 · 12 comments

Comments

Projects
None yet
6 participants
@gonzalomass
Copy link

gonzalomass commented Jul 20, 2016

I have look for a way to authenticate a user (server side) with no need to pass the password. Any clue for the correct approach. I'm thinking that it will be nice to implement the function on a hook that can be trigger by a "SuperAdmin".

The task that i'm trying to tackle is an authentication that comes from an iOS app that uses Facebook Account Kit, so i'll be receiving a token that is unique to each user. I'll have to check if there is a user with that token on my database, if it exists then i have to logged him in and send back the local authentication token.

@gonzalomass

This comment has been minimized.

Copy link
Author

gonzalomass commented Jul 21, 2016

Found a way to create a local token and send it back in the hook.result.

    // Create a new token
    var tokenData = hook.app.services['auth/token']
                    .create({"_id": id, "email": email})
                    .then(function(values){
                      return values;
                    });

    hook.result = tokenData;

Any thoughts?

@ekryski ekryski added this to the 0.8 milestone Aug 9, 2016

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Aug 9, 2016

Better support is coming for this in 0.8.0

@ekryski ekryski modified the milestones: 0.8, 1.0 Nov 21, 2016

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Dec 30, 2016

This is now possible with auth v1.x. You can either implement your own passport strategy (or find an existing one) or you can simply create a custom verifier for feathers-authentication-local to not lookup the password.

@ekryski ekryski closed this Dec 30, 2016

@PavelPolyakov

This comment has been minimized.

Copy link

PavelPolyakov commented May 20, 2017

@ekryski
hi, right now it's not possible to authenticate without the password, as passport-local is looking for the password:
https://github.com/jaredhanson/passport-local/blob/master/lib/strategy.js#L75

The dirty solution would be to use the default password everywhere, but it doesn't required to use custom verifier.

any thoughts on this?

Regards,

update
update, for me the solution was to create another hook, which casts password from the username.

like this users.hooks.js:

create: [
            /**
             * Add default password
             * @param hook
             */
            function(hook) {
                hook.data.password = hook.data.username;
            },
            local.hooks.hashPassword({ passwordField: 'password' })
        ]
@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented May 20, 2017

If I understand what you're trying to do, you can probably just set hook.data.password in a before-hook on the authentication service.

@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented May 20, 2017

Looks like you got it figured out. ;)

@rhythnic

This comment has been minimized.

@REPTILEHAUS

This comment has been minimized.

Copy link

REPTILEHAUS commented Feb 15, 2018

Is it possible to authenticate without an email address ?

@REPTILEHAUS

This comment has been minimized.

Copy link

REPTILEHAUS commented Feb 15, 2018

Still trying to work through the feathers documentation... basically i want to create a jwt once a function in a service has been executed correctly, its not the standard conventional login i.e the user will always be authenticated so long as this function returns true... What is the best way to tackle this situation.

@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented Feb 15, 2018

@REPTILEHAUS either the package that I sent you, or this one with a Custom Verifier. If you're not using email/password style login, the other one probably will better suit you.

@REPTILEHAUS

This comment has been minimized.

Copy link

REPTILEHAUS commented Feb 15, 2018

Cool, Ill start looking into the one you sent. Cheers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.