Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Question: When is userId set? #453

Closed
whollacsek opened this Issue Mar 21, 2017 · 3 comments

Comments

Projects
None yet
2 participants
@whollacsek
Copy link
Contributor

whollacsek commented Mar 21, 2017

The migration doc says:

By default the payload for your JWT is simply your entity id (ie. { userId }).

I've been grep'ing around for a while and l couldn't find the related code. (I searched for userId, entity, _id)

Is the doc wrong?

I'm looking for this because when I call app.service('/authentication').create({payload: {userId: _id}, jwt: {expiresIn: '10m'}}) I have to specify the payload part ({payload: {userId: _id}) otherwise the userId will not be set.

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Mar 21, 2017

Are you able to make this call from the client or is it on the server?

Normally the user id is set in a before /authentication hook as the migration document shows:

// Authenticate the user using the a JWT or
// email/password strategy and if successful
// return a new JWT access token.
app.service('authentication').hooks({
  before: {
    create: [
      auth.hooks.authenticate(['jwt', 'local']),
      customizeJWTPayload()
    ]
  }
});

The local strategy will take the username and password submitted to /authentication, look it up in the database, verify the password and will then update the payload for the JWT that is created accordingly.

@whollacsek

This comment has been minimized.

Copy link
Contributor Author

whollacsek commented Mar 21, 2017

I'm calling this on the server side, I only use the jwt strategy.
So strategies other than local will not insert the userId into jwt payload?

@whollacsek

This comment has been minimized.

Copy link
Contributor Author

whollacsek commented Mar 21, 2017

Hum ok I just realized that it doesn't make any sense to have the jwt strategy insert the userId automatically, since I'm calling the authentication endpoint on the server side there's no way for it to get the userId by it self.

@whollacsek whollacsek closed this Mar 21, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.