Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using custom passport strategies #356

Closed
KidkArolis opened this Issue Nov 28, 2016 · 1 comment

Comments

Projects
None yet
1 participant
@KidkArolis
Copy link

KidkArolis commented Nov 28, 2016

Hi, still reading through the docs and code, but struggling to make sense of it so far...

All I want is a user object populated in my middleware and all services where I use this strategy https://github.com/ripjar/passport-trusted-header to create my user object. First thing I'm stuck with is that in passport docs they do passport.use(), but that's not available in feathers-authentication.

I'm also confused whether I need all/any of these:

  • app.service('authentication').hooks({
  • app.service('users').hooks({
  • auth.express.authenticate('local'
  • let config = app.get('auth'); config.facebook.strategy = FacebookStrategy; app.configure(authentication(config))

In particular, I find these 2 snippets in the README quite confusing:

app.service('authentication').hooks({
  before: {
    create: [
      // You can chain multiple strategies
      auth.hooks.authenticate(['jwt', 'local'])
    ],
    remove: [
      auth.hooks.authenticate('jwt')
    ]
  }
});

// Add a hook to the user service that automatically replaces
// the password with a hash of the password before saving it.
app.service('users').hooks({
  before: {
    find: [
      auth.hooks.authenticate('jwt')
    ],
    create: [
      local.hooks.hashPassword({ passwordField: 'password' })
    ]
  }
});
  • Does the first one mean - "make sure user is authenticated before... someone calls authentication.create"?
  • Or does feathers call authentication.create and this says "use jwt strategy"?
  • But then when would I pass "jwt" to this before hook and when would I pass it to express.auth.authenticate("jwt")
  • Is the fact that you show "jwt", "local" in create, but only "jwt" in the remove a demo of the feature or a recommended way of setting it up? Is this an example of some specific use case?
  • When do I need and not need to set these users/authentication hooks?
  • Do I ever need to manually use the services("authentication")?

I'm just hoping that these questions will ... shed some light on which bits confuse me so you guys can clarify ;) ✌️ Or maybe it's just me!

(I'm using feathers-authentication@next).

@KidkArolis

This comment has been minimized.

Copy link
Author

KidkArolis commented Nov 28, 2016

Ok, I think I got it:

...
const auth = require('feathers-authentication')
const passportTrustedHeader = require('passport-trusted-header')

const app = feathers()

app
  ...
  .configure(auth({ secret: '-' }))
  .use(auth.express.authenticate('trusted-header'))

app.passport.use(new passportTrustedHeader.Strategy({ headers: ['x-user-id'] }, function (requestHeaders, done) {
  var userId = requestHeaders['x-user-id']
  var user = { id: userId }
  done(null, user)
}))

With this I get req.user and hooks.params.user, which is all I wanted.

@KidkArolis KidkArolis closed this Nov 28, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.