How to make a user automatically logined on server side? #659

Closed
flight9 opened this Issue Apr 2, 2018 · 8 comments


flight9 commented Apr 2, 2018

I'm using authentication and socket.io on server side.
(strategies are 'jwt' and 'local'.)

My requirement:

In the wechat auth process, after I get an openid on the server which represents the current user, and I query the db to find this user object by his openid, how can I authenticate him on the server side without knowing his original password or any other credentials (like jwt)?

It's easy for us to use session on Express to do that:

    req.session.user = theUser; // theUser object is queried from db by openid

But on feathers-authentication, no API seems to support that, how to do it?


daffl commented Apr 2, 2018

This is explained in the testing guide. Just pass the user object in the service call params:

    // Create a new user we can use for testing
    const user = await app.service('users').create({
      email: 'messagetest@example.com',
      password: 'supersecret'
    });

    // The messages service call params (with the user we just created)
    const params = { user };
    const message = await app.service('messages').create({
      text: 'a test',
      additional: 'should be removed'
    }, params);

flight9 commented Apr 3, 2018

@daffl Sorry, I don't get the point. Maybe I did not say it clearly; it's not for testing purposes.

Why do I need to log in the user for himself on the server? Because in the wechat auth process, if I got the user's openid on the server side, I can rationally believe that it is the user himself (not anyone else). And the user prefers our server to do the login work automatically for him rather than entering username/password every time he opens our wechat page.

My requirement is to make that user really logged in (without knowing his password) on the server side and generate a jwt back to the client just like he logged in from the client by himself.

Hope the above makes it clearer.


daffl commented Apr 3, 2018

If you are using Wechat oAuth2, Feathers oAuth2 authentication will do this automatically.

You can also create your own tokens on the server using the authentication service. A default Feathers JWT contains a userId property with the id of the user. On the server:

    const { accessToken } = await app.service('authentication').create({}, {
      payload: { userId: '<my user id>' }
    });
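
Added example (not part of this thread or of the Feathers code base): a server-side login helper built around the `authentication` service call shown above, with the checks that should sit in front of it. `makeDemoApp`, `loginByOpenid` and the user records are hypothetical; the stand-in app only mimics the `users` and `authentication` services so the guard logic runs offline.

```javascript
const crypto = require('crypto');

// base64url without padding, as used in JWT segments.
const b64url = (input) => Buffer.from(input).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

// Constructed stand-in for a Feathers app: just enough of the `users` and
// `authentication` services to run the helper offline (hypothetical).
function makeDemoApp(users, secret) {
  const services = {
    users: {
      async find({ query }) {
        return users.filter((u) => u.openid === query.openid);
      }
    },
    authentication: {
      // Signs params.payload as an HS256 JWT valid for one hour.
      async create(_data, { payload }) {
        const now = Math.floor(Date.now() / 1000);
        const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
        const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + 3600 }));
        const sig = b64url(crypto.createHmac('sha256', secret)
          .update(`${head}.${body}`).digest());
        return { accessToken: `${head}.${body}.${sig}` };
      }
    }
  };
  return { service: (name) => services[name] };
}

// `verifiedOpenid` must be the value the server itself obtained from WeChat,
// never an openid submitted by the client.
async function loginByOpenid(app, verifiedOpenid) {
  // Only a non-empty string may reach the query (no operator objects).
  if (typeof verifiedOpenid !== 'string' || verifiedOpenid === '') {
    throw new Error('invalid openid');
  }
  const matches = await app.service('users').find({
    query: { openid: verifiedOpenid },
    paginate: false // assumption: the real users service then returns an array
  });
  // Exactly one account may own the openid; anything else is refused.
  if (matches.length !== 1) throw new Error('no unique user for openid');
  const userId = matches[0].id;
  const { accessToken } = await app.service('authentication').create({}, {
    payload: { userId }
  });
  return { accessToken, userId };
}
```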

flight9 commented Apr 4, 2018

@daffl Yes, originally I wanted to do wechat oauth with 'Feathers oAuth2 authentication', but it seems Passport.js hasn't supported a strategy for wechat. So I have to do it myself.

Thank you for the code to generate the accessToken. Then how can I send the accessToken back to let authentication-client save it and carry it in the following requests, just like when a user logs in from the client?

Currently I use a service to send the accessToken back in a client find() response and then use

    app.authenticate({ strategy: 'jwt', accessToken: '<my token>' })

to re-authenticate from the client.

Although it works, I don't think my idea is a regular way to do that. Could you give me further suggestions?


daffl commented Apr 4, 2018


flight9 commented Apr 5, 2018

@daffl Thanks for the url, I should learn more about that.


daffl commented Apr 5, 2018

Sounds good. Going to close this then since it probably makes sense to use one of the existing strategies instead of trying to put it together yourself.

daffl closed this Apr 5, 2018


flight9 commented Apr 14, 2018

@daffl

What's wrong with https://github.com/liangyali/passport-wechat?

I found a problem with the configuration.
In https://github.com/liangyali/passport-wechat, it uses 'appID' and 'appSecret' as below:

    passport.use(new WechatStrategy({
        appID: {APPID},
        name: {defaults to wechat; the component name can be set},
        appSecret: {APPSECRET},
        client: {wechat|web},
        callbackURL: {CALLBACKURL},
        scope: {snsapi_userinfo|snsapi_base},
        state: {STATE},
        getToken: {getToken},
        saveToken: {saveToken}
      },
      function(accessToken, refreshToken, profile, expires_in, done) {
        return done(null, profile);
      }
    ));

But in @feathersjs/authentication-oauth2, it uses 'clientID' and 'clientSecret':

    app.configure(oauth2({
      name: 'facebook',
      Strategy: FacebookStrategy,
      clientID: '<your client id>',
      clientSecret: '<your client secret>',
      scope: ['public_profile', 'email']
    }));

This may cause an error when you try to use authentication-oauth2 to initialize wechat strategy.
