How to authenticate the application client? not only the users #405

Closed
davigmacode opened this Issue Jan 24, 2017 · 7 comments

davigmacode commented Jan 24, 2017

Hi, in my case I have many client apps accessing my API service, then I just realized

  • how to authenticate each client app? (mostly using clientId and clientSecret or API key)
  • how to know from which client app a user has been registered?
  • how to limit API access based on each client app configuration?

sinedied commented Apr 3, 2017

I'm also interested in this.
Currently this module seems to only support user authentication, but provides no way to support service authentication, am I correct?

If I'm wrong, please provide some example on how to set up auth for such use cases, or at least some pointer on how to extend the auth service to implement this ourselves?

matt-d-rat commented May 4, 2017

I too am in the same boat, I need a way to authenticate an external app/service (which I am writing) with the server, but not as a user. I imagine using some sort of API key known to the server and the app/service in question. Any ideas on how one might approach this?

sinedied commented May 4, 2017

This may just require some docs actually, here's how I did it:

  • I used feathers-authentication-local as the base, with a customized ServicerVerifier class
  • I use a different mongo collection for service clients than the users local auth
  • I set up my service auth to use clientId and clientSecret keys instead of email and password

Then everything works as expected, with JWT tokens :)

kokujin commented May 6, 2017

Would you care to share some code on this, @sinedied?

Chathula commented Jun 2, 2017

I also need to have this..

Laravel-passport has this feature. I am looking for a Node.js way to do it. This is a must!!

Chathula commented Jun 2, 2017

@sinedied, can you write a tutorial or share some doc! It's good, but if you can at least share some code..

Thank you...

ekryski (Member) commented Jul 24, 2017

Yeah we do the same thing that @sinedied describes here: #405 (comment).

We've had this as a todo for a while now. If you don't need to do anything that different from normal local auth except for using different key names and services, you can just do something like this:

```js
// In your config
{
  "auth": {
    ...
    "strategies": ["local", "client"],
    "local": {
      "name": "local",
      "usernameField": "email",
      "passwordField": "password",
      "service": "users"
    },
    "client": {
      "name": "client",
      "usernameField": "clientId",
      "passwordField": "clientSecret",
      "service": "clients" // you could just use the "users" service if you store the `clientId` and `clientSecret` on the user object. Totally up to you.
    }
  }
}
```

```js
// Where you set up authentication
const authentication = require('feathers-authentication');
const local = require('feathers-authentication-local');
const jwt = require('feathers-authentication-jwt');

let config = app.get('auth');

// One local strategy instance per credential type: users and clients
app.configure(authentication(config))
  .configure(local(config.local))
  .configure(local(config.client))
  .configure(jwt());

// register ALL your strategies allowed for authentication
app.service('authentication').hooks({
  before: {
    // pass the strategies array itself, not an array wrapping it
    create: authentication.hooks.authenticate(config.strategies),
    remove: authentication.hooks.authenticate('jwt')
  }
});
```

```js
// In your client, if you want to authenticate
// the client and not the user.
app.authenticate({
  strategy: 'client',
  clientId: 'my-client-ID',
  clientSecret: 'my-secret'
}).then(({ accessToken }) => {
  // do authenticated things
});
```

If you need to do something a bit more complex then you will need to also create a custom Verifier. There is a basic example of how to do that here: https://github.com/feathersjs/feathers-authentication-local#customizing-the-verifier.


I'm going to close this to keep issues in here related to bugs and features. I've created an issue in feathers-docs to track progress on more comprehensive documentation: feathersjs/docs#786.

@ekryski ekryski closed this Jul 24, 2017
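
The check a custom verifier for the `client` strategy has to perform, together with a per-client scope check for the third question in the original post, as an added example that is not part of this thread or of the Feathers code base. It is framework-independent; the `clients` map, the scope names and the function names are assumptions, and the sample records are constructed.

```javascript
const crypto = require('crypto');

// Store only a salted scrypt hash of each clientSecret, never the secret itself.
function hashSecret(secret, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(secret, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Constructed sample records standing in for a separate "clients" collection.
const clients = new Map([
  ['mobile-app', { secretHash: hashSecret('mobile-secret'), scopes: ['messages:read'], enabled: true }],
  ['billing-job', { secretHash: hashSecret('billing-secret'), scopes: ['invoices:read', 'invoices:write'], enabled: true }],
  ['old-partner', { secretHash: hashSecret('partner-secret'), scopes: ['messages:read'], enabled: false }]
]);

// Hash used for unknown clientIds so both paths cost the same amount of work.
const DUMMY_HASH = hashSecret('unused');

// Returns { clientId, scopes } on success, null on any failure.
// The caller learns nothing about which part of the check failed.
function verifyClient(clientId, clientSecret) {
  const record = clients.get(clientId);
  const [saltHex, hashHex] = (record ? record.secretHash : DUMMY_HASH).split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(String(clientSecret), Buffer.from(saltHex, 'hex'), expected.length);
  // Constant-time comparison of the derived hash with the stored one.
  const match = crypto.timingSafeEqual(actual, expected);
  if (!record || !record.enabled || !match) return null;
  return { clientId, scopes: record.scopes };
}

// Per-client authorization: a verified client may only use its configured scopes.
function isAllowed(client, requiredScope) {
  return Boolean(client) && client.scopes.includes(requiredScope);
}
```

The object returned by `verifyClient` is what would go into the token payload, so later requests can be attributed to a client and checked with `isAllowed` without looking the secret up again.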
