Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auth0 & featherjs authorization only #277

Closed
startupthekid opened this Issue Aug 21, 2016 · 14 comments

Comments

Projects
None yet
7 participants
@startupthekid
Copy link

startupthekid commented Aug 21, 2016

I'm trying out Auth0 to simplifying my authentication process and because they support a ton of different identity providers. So far it's been relatively simple and I was able to generate a jwt token via Auth0 which I then want to use to provide authorization on my server component. I really like this approach because it separates out the process of authentication and the process of getting data from the server. However, when using a verifyToken hook, it fails with an invalid signature error, despite having the correct base64 encoded shared secret, where I can verify the signature on http://jwt.io.

Is there any way to only provide authorization on a feathers server? That is to say, if I've already received a token via auth0, how can I just use that token? It should be as simple as setting the Authorization header but as I mentioned, the verifyToken hook fails despite having a valid secret. Interestingly enough, when I dived into the source for that hook and replaced jwt.verify(token, secret, options) with jwt.verify(token, new Buffer(secret, 'base64'), options), verification worked exactly as I expected.

I'm hesitant to move away from auth0 for a couple of reasons. One, authentication and networking are now two separate entities inside my application. Two, auth0 supports a bucketload of social providers like twitter, which feathers doesn't yet. But if I can't get authorization working, then I don't seem to have a choice. Has anyone had any experience integrating the two services?

@alvin

This comment has been minimized.

Copy link

alvin commented Aug 21, 2016

@startupthekid

This comment has been minimized.

Copy link
Author

startupthekid commented Aug 21, 2016

Hey @alvin, indeed I have. Is that the recommended way to support Auth0 authentication in a feathers application?

@alvin

This comment has been minimized.

Copy link

alvin commented Aug 21, 2016

... as far as I know, yeah. Auth0 works with Feathers like other oauth2 providers. Are you trying to avoid a users table in your local database?

@startupthekid

This comment has been minimized.

Copy link
Author

startupthekid commented Aug 21, 2016

Not really, really I'm just trying to keep authentication and my api in separate places. The other big thing for me was twitter authentication which I know is coming in 2.0 but I didn't have time to wait.

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Aug 22, 2016

@startupthekid I put together that example a while back but yeah Auth0 is a pretty simple integration if you just follow that repo.

@startupthekid

This comment has been minimized.

Copy link
Author

startupthekid commented Aug 22, 2016

@ekryski Thanks, sounds great! 👍

@kristianmandrup

This comment has been minimized.

Copy link

kristianmandrup commented Jun 17, 2017

Auth0 demo was moved or is deprecated?!

@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented Jun 22, 2017

@kristianmandrup it was outdated. We need a new one.

@1beb

This comment has been minimized.

Copy link

1beb commented Jul 24, 2017

I'm also looking for an auth0 demo. Could you share the code for the old one?

@kristianmandrup

This comment has been minimized.

Copy link

kristianmandrup commented Jul 24, 2017

I have demo at gc-auth on my GitHub account

@1beb

This comment has been minimized.

Copy link

1beb commented Aug 4, 2017

@kristianmandrup I couldn't seem to find a repo with that name on your github account page.

@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented Aug 4, 2017

I've recently updated the Feathers generator with an option for Auth0 OAuth. If you follow the Basic OAuth Guide, replacing GitHub with Auth0, you should be able to get it to work. Ask whatever questions you may have, of course.

npm install -g feathers-cli@latest
feathers generate app
feathers generate authentication
@pmesgari

This comment has been minimized.

Copy link

pmesgari commented Aug 12, 2017

Hi @marshallswain I have created a boiler plate https://github.com/pmesgari/vv0-boilerplate for Vue-Vuetify-Vuex and Auth0 hosted login page https://auth0.com/docs/hosted-pages/login. I like to use feathers to setup an API since it really works like a charm (the server will be an independent app and not mixed with the boilerplate). I know feathersjs provides a service to create a user and retrieve a token for it, but it requires two pieces of info, a username and password. But I am confused how to use this service with the hosted login page, since basically there is no info on the password of the user.

I would really appreciate some direction and insight on how I can achieve this.
Thanks!

@kristianmandrup

This comment has been minimized.

Copy link

kristianmandrup commented Aug 17, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.