Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

what does app.service('authentication').remove(...) mean? #379

Closed
beeplin opened this Issue Dec 17, 2016 · 6 comments

Comments

Projects
None yet
3 participants
@beeplin
Copy link

beeplin commented Dec 17, 2016

In the example we see there are two methods available for app.service('authentication'):

app.service('authentication').hooks({
  before: {
    create: [
      // You can chain multiple strategies
      auth.hooks.authenticate(['jwt', 'local'])
    ],
    remove: [
      auth.hooks.authenticate('jwt')
    ]
  }
});

From feathers-authenticate-client I understand that the create method actually means calling app.authencate(...) from the client-side:

https://github.com/feathersjs/feathers-authentication-client/blob/master/src/passport.js#L139

But I cannot find where the remove method of app.service('authentication') is called. I guess it's for app.logout() from the client-side, right?

@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented Dec 17, 2016

I believe you are correct. If you have some sort of stateful token blacklisting, you could implement it there. I wondered the same thing, but I haven't read that part of the code, yet.

@beeplin

This comment has been minimized.

Copy link
Author

beeplin commented Dec 17, 2016

You mean the remove method is for some possible customized behavior for app.logout()? But in fact I didn't see app.logout() calling the remove method. That's why I am puzzled.

@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented Dec 17, 2016

The tests have the answer: https://github.com/feathersjs/feathers-authentication/blob/0d1653fabd9745dd7b703c6acd2d65a734a44b0e/test/service.test.js#L102

There is also a middleware that listens for that method and calls logout.

@beeplin

This comment has been minimized.

Copy link
Author

beeplin commented Dec 17, 2016

So the remove method just verify token, and is not necessarily used with logout(). It is only because we don't have a "verify" method so we chose "remove" to do this. -- is it correct?

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Dec 18, 2016

Yes, it's kind of a fake logout method which will also trigger the app.on('logout') event. It can also be used to e.g. implement blacklisting (in a hook for remove) but doesn't do anything but verify the token (and emit the logout event) by default.

@beeplin

This comment has been minimized.

Copy link
Author

beeplin commented Dec 18, 2016

got it. thanks!

@beeplin beeplin closed this Dec 18, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.