Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

accessToken not being used when provided by client over socketio #400

Closed
rithvikvibhu opened this Issue Jan 18, 2017 · 11 comments

Comments

Projects
None yet
3 participants
@rithvikvibhu
Copy link

rithvikvibhu commented Jan 18, 2017

In the react native app which connects with socketsio, I think I got auth working. But when services are called, there's a timeout of 5000ms (p.s. 5000ms definitely doesn't pass and the app would've started 2 seconds before):

// The first fail is intended as no jwt is found in localstorage. The 2nd is successful and returns accessToken and userId in payload
Auth failed Error: Could not find stored JWT and no authentication strategy was given(…)
response from local auth: Object {accessToken: "eyJ..."}
payload: Object {userId: "mWAWCagp3RMKMAW9", iat: 1484716405, exp: 1484802805, aud: "https://yourdomain.com", iss: "feathers"…}
Auth failed Error: Timeout of 5000ms exceeded calling users::get(…)

So I checked the feathers server debug logs and found that the auth was successful (and the client could get and use it). But when the .find() request was made, this happened:

socket.io-parser decoded 22["users::get","mWAWCagp3RMKMAW9",{}] as {"type":2,"nsp":"/","id":2,"data":["users::get","mWAWCagp3RMKMAW9",{}]} +63ms
  socket.io:socket got packet {"type":2,"nsp":"/","id":2,"data":["users::get","mWAWCagp3RMKMAW9",{}]} +63ms
  socket.io:socket emitting event ["users::get","mWAWCagp3RMKMAW9",{}] +1ms
  socket.io:socket attaching ack callback to event +0ms
  socket.io:socket dispatching an event ["users::get","mWAWCagp3RMKMAW9",{},null] +0ms
  feathers-socket-commons:methods Got 'users::get' event with connection +1ms { provider: 'socketio',
  user: 
   { email: 'a@a.aa',
     password: '$2a$10$1TmNLKJIet6u6ML5p/dZ4e9WWtOHhVlFW4uUobKZBdbG9SuZZLXeu',
     _id: 'mWAWCagp3RMKMAW9' },
  payload: { userId: 'mWAWCagp3RMKMAW9' },
  accessToken: 'eyJhbGciOiJIUzI1NiIsInR5cCI6ImFjY2VzcyJ9.eyJ1c2VySWQiOiJtV0FXQ2FncDNSTUtNQVc5IiwiaWF0IjoxNDg0NzE2NDA1LCJleHAiOjE0ODQ4MDI4MDUsImF1ZCI6Imh0dHBzOi8veW91cmRvbWFpbi5jb20iLCJpc3MiOiJmZWF0aGVycyIsInN1YiI6ImFub255bW91cyJ9.XUBjjzz3bRhnSm1KGvkOfqmfoXyo7QiKzsOEp7lUbKo',
  headers: { Authorization: 'eyJhbGciOiJIUzI1NiIsInR5cCI6ImFjY2VzcyJ9.eyJ1c2VySWQiOiJtV0FXQ2FncDNSTUtNQVc5IiwiaWF0IjoxNDg0NzE2NDA1LCJleHAiOjE0ODQ4MDI4MDUsImF1ZCI6Imh0dHBzOi8veW91cmRvbWFpbi5jb20iLCJpc3MiOiJmZWF0aGVycyIsInN1YiI6ImFub255bW91cyJ9.XUBjjzz3bRhnSm1KGvkOfqmfoXyo7QiKzsOEp7lUbKo' },
  authenticated: true }
  feathers-errors NotAuthenticated(401): Authentication token missing. +2ms
  feathers-socket-commons:methods Error calling users::get +1ms { NotAuthenticated: Authentication token missing...

Expected behavior

Return service .Find() data.

Actual behavior

401 Not Authorized - auth token missing, even if provided by feathers-client

System configuration

Tell us about the applicable parts of your setup.

Using feathers 2.0.3 and feathers-athentication 1.0.2, latest feathers client
And latest react native.

Also, did migration of feathers-athentication to 1.X and using feathers-permissions

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Jan 20, 2017

Are you calling find after your authentication promise has returned? We haven't had any issues on React Native and have been using the new auth for a while.

@rithvikvibhu

This comment has been minimized.

Copy link
Author

rithvikvibhu commented Jan 20, 2017

debugger-ui:94 Console was cleared
index.android.bundle:40972 Running application "HomeChefApp" with appParams: {"initialProps":{},"rootTag":1}. _DEV_ === true, development-level warning are ON, performance optimizations are OFF

// As expected with no stored jwt in storage.
index.android.bundle:72916 jwt Auth failed Error: Could not find stored JWT and no authentication strategy was given(…)

// Socket connect
index.android.bundle:72958 connect

// Local auth successful
index.android.bundle:72945 response from local auth: Object {accessToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6ImFjY2VzcyJ9.eyJ1c2VyS…1cyJ9.XUBjjzz3bRhnSm1KGvkOfqmfoXyo7QiKzsOEp7lUbKo"}

// Calling authenticate() so it uses stored jwt, returns same token, with payload
index.android.bundle:72906 result: Object {accessToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6ImFjY2VzcyJ9.eyJ1c2VyS…1cyJ9.XUBjjzz3bRhnSm1KGvkOfqmfoXyo7QiKzsOEp7lUbKo"}
index.android.bundle:72909 payload: Object {userId: "mWAWCagp3RMKMAW9", iat: 1484716405, exp: 1484802805, aud: "https://yourdomain.com", iss: "feathers"…}

// This happens inside the promise, hence the unrelated "jwt auth error" tag:
// this.app.service('users').get(payload.userId);
index.android.bundle:72916 jwt Auth failed Error: Timeout of 5000ms exceeded calling users::get(…)

The relevant client side code:

this.app.authenticate()
              .then( (result) => {
                  console.log('result:', result);
                  return this.app.passport.verifyJWT(result.accessToken);
              }).then( (payload) => {
                  console.log('payload:', payload);
                  // this.app.service('foods').get('5877783b2aa1cc1c04a0c1e3').then(result => {console.log('Foods result:', result);});
                  return this.app.service('users').get(payload.userId);  // My jwtoken contains the user's id
              }).then ( (user) => {
                  this.app.set('user', user);
                  renderApp(user);     // Start up the application proper
              }).catch(function(error){
                  console.log("jwt Auth failed", error);
                  // renderLogin();  // Show the login form
              });
@rithvikvibhu

This comment has been minimized.

Copy link
Author

rithvikvibhu commented Jan 20, 2017

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Jan 20, 2017

Hmmm. Everything looks right. We have it working on RN without any issues but maybe there is a bug somewhere. The token should be stored in localstorage after the first .then after authenticate. @rithvikvibhu any chance you can post a link to simplified RN project? It will help immensely with debugging. 😄

@ekryski ekryski added the Bug label Jan 20, 2017

@jamesholcomb

This comment has been minimized.

Copy link

jamesholcomb commented Jan 20, 2017

@ekryski Do you have an RN socket reference project (or at least an index.js) using auth 1.0 you can share? I'm facing a similar issue.

@rithvikvibhu

This comment has been minimized.

Copy link
Author

rithvikvibhu commented Jan 20, 2017

@ekryski I have the projects on GitLab (sorry github, its not you, its me) so I've made them public for now (till this issue is closed)

Server: https://gitlab.com/rithvikvibhu/homechef-feathers
React Native App: https://gitlab.com/rithvikvibhu/homechef-app

Not very neat, i know

@jamesholcomb

This comment has been minimized.

Copy link

jamesholcomb commented Jan 22, 2017

@rithvikvibhu I looked at your source...check your user hooks. There is a reference to verifyTokenwhich is most likely your issue.

@rithvikvibhu

This comment has been minimized.

Copy link
Author

rithvikvibhu commented Jan 23, 2017

@jamesholcomb I thought that the legacy hooks could still be used through feathers-legacy-authentication-hooks?
I will switch to feathers-permissions and get back here if it works.

@rithvikvibhu

This comment has been minimized.

Copy link
Author

rithvikvibhu commented Feb 27, 2017

Sorry about the delay. Stupid school exams.
Since feathers-permissions isn't finalized and I couldn't find any examples on using it, I can't implement it right now.

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Apr 11, 2017

@rithvikvibhu you can use the legacy-hooks (now renamed to feathers-authentication-hooks until permissions are ready).

Instead of the lines here: https://gitlab.com/rithvikvibhu/homechef-feathers/blob/master/src/services/user/hooks/index.js#L12-13

You just want to have auth.hooks.authenticate('jwt'). Just replace the verifyToken and populateUser hooks with the authenticate one everywhere and you should be good. authenticate does both of those internally now.

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Apr 11, 2017

Let us know if that doesn't work and we can re-open the issue. I'm going to close this for now to keep our issues triaged. 😄

@ekryski ekryski closed this Apr 11, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.