Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

app.authenticate not working #466

Closed
sylvainlap opened this Issue Mar 30, 2017 · 7 comments

Comments

Projects
None yet
3 participants
@sylvainlap
Copy link

sylvainlap commented Mar 30, 2017

According to docs, https://docs.feathersjs.com/v/auk/api/authentication/server.html#appauthenticatedata, app.authenticate(data) can be used to generate a jwt.

In my app, I tried to use this fonction:

// create accessToken
    const accessToken = await app.authenticate({
      strategy: 'local',
      email: user.email,
      password,
    });

As a result, accessToken seems to be a function...

I'm using feathers-authentication v1.2.0

@corymsmith

This comment has been minimized.

Copy link
Contributor

corymsmith commented Mar 30, 2017

authenticate returns a promise and the result is an object like:

{
    accessToken: "<ACCESS TOKEN>"
}
@sylvainlap

This comment has been minimized.

Copy link
Author

sylvainlap commented Mar 31, 2017

Actually, authenticate do not return a promise.

Here is an example, with feathers-authentication v1.2.0:

I created this middlware:

module.exports = (app) => (req, res, next) => {
  return app.authenticate({
    strategy: 'local',
    email: 'toto@example.com',
    password: 'pass'
  })
  .then(token => {
    console.log(token)
    return next()
  })
  .catch(next)
}

When I hit the endpoint, I got this error:

{
  "name": "GeneralError",
  "message": "app.authenticate(...).then is not a function",
  "code": 500,
  "className": "general-error",
  "data": {},
  "errors": {}
}
@sylvainlap

This comment has been minimized.

Copy link
Author

sylvainlap commented Mar 31, 2017

I tried to debug with vscode, and app.authenticate seems to be set by:

passport/lib/authenticator.js:

Authenticator.prototype.authenticate = function(strategy, options, callback) {
  return this._framework.authenticate(this, strategy, options, callback);
};

app.authenticate seems to be the same as passport.authenticate.

EDIT: in fact, I'm now sure of that: https://github.com/feathersjs/feathers-authentication/blob/master/src/index.js#L41

@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented Mar 31, 2017

Oh wow. I'm not sure how I did that. I must have gotten my wires crossed with the client while I was writing the docs the other day. Good grief.

So the real docs for app.authenticate are currently here: http://passportjs.org/docs/authenticate

I know where to spend my next couple of hours in the docs. 😇

@corymsmith

This comment has been minimized.

Copy link
Contributor

corymsmith commented Mar 31, 2017

I also read the issue wrong, I thought you were trying to call authenticate using feathers-authentication-client

@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented Mar 31, 2017

@ekryski and I have decided to pull app.authenticate from the documentation. Since there is no reason to call app.authenticate on the server, ever. If the server needs to authenticate with another server, it should use the feathers-authentication-client. The app.authenticate() method will only be useful for creating custom transport plugins (alternatives to feathers-socketio and feathers-rest). We will actually be renaming the method to app._authenticate to denote that it's more of a "private" API. Later, when we are ready to add documentation for creating custom Transports and auth plugins, we will add it to the docs as part of that phase.

There are two ways of creating JWT:

  1. The app.passport.createJWT() method allows you to manually create a JWT and bypass the authentication. On the server, it's more likely that you'd use this method for any custom tokens you need to create, for whatever obscure reason.
  2. The app.service('/authentication').create() method runs through the same process as calling the .authenticate() method from the client. The authorization service is basically the public endpoint for login and logout.
@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented Mar 31, 2017

Thanks @sylvainlap for discovering the problem. Also, sorry for the confusion I caused.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.