Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Epic] Auth 2.0.0 #513

Closed
ekryski opened this Issue May 19, 2017 · 5 comments

Comments

Projects
None yet
3 participants
@ekryski
Copy link
Member

ekryski commented May 19, 2017

There are a couple things that didn't make it into the Auth 1.0 release that I would like to refactor and get in, as well as a couple bug fixes that are breaking changes.

This is a ZenHub Epic. You'll need the ZenHub plugin to see everything.

Proposal

I have a couple auth PRs up to fix bugs that are breaking changes. I have some other local code that would also be breaking changes so maybe it constitutes rolling them together into a new major pre-release. Specifically:

  • Using the correct config key name #506
  • rolling in some support on both server + client side pieces of auth for refresh tokens
  • making oauth redirects use querystrings instead of cookies
  • adding a jwt-refresh strategy
  • removing the jwt strategy from the before hooks on authentication. You shouldn’t be able to use a valid access token to get a new one
  • making the authentication service an actual service and moving the JWT generation to hooks. This allows you to provide a backing store to your authentication service where you can blacklist/whitelist access/refresh tokens and store whatever fields you want alongside those tokens (ie. user, client id, ip, TTL, etc.)
  • utilize jwt.id create a unique ID for each JWT generated so that it is easier to blacklist/whitelist

ekryski added a commit that referenced this issue Jul 5, 2017

@ForsakenHarmony

This comment has been minimized.

Copy link

ForsakenHarmony commented Jul 22, 2017

(unrelated, can delete if you want) is zenhub better than github projects?

@eddyystop

This comment has been minimized.

Copy link
Member

eddyystop commented Jul 22, 2017

We only use github.

@ForsakenHarmony

This comment has been minimized.

Copy link

ForsakenHarmony commented Jul 22, 2017

This is a zenhub epic though?

@ekryski

This comment has been minimized.

Copy link
Member Author

ekryski commented Jul 24, 2017

@ForsakenHarmony, not really any more. Some additional perks to Zenhub like velocity and sprint planning but we don't use those. I think we'll end up discussing moving to just using Github projects now that they are getting more robust.

@ekryski

This comment has been minimized.

Copy link
Member Author

ekryski commented Jul 27, 2017

We've decided to move to Github projects instead. You can see the progress here: https://github.com/feathersjs/feathers-authentication/projects/1

@ekryski ekryski closed this Jul 27, 2017

ekryski added a commit that referenced this issue Oct 23, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.