1.0 Pre-release #336

Merged
merged 95 commits into from Nov 16, 2016

ekryski commented Oct 29, 2016

Summary

This is a pretty big overhaul and now utilizes passport for the core authentication. This allows us to use any passport strategy from any location: hooks, express middleware, sockets. It also future proofs us so that all we need to do is adapt any other framework or transport to match the expected Passport request object.

Still to do:

  • Fix tests
  • Wrap up integration tests
  • Fix Auth Client to be consistent
  • Update docs
    • Highlight new features
    • Migration guide
    • Highlight data flow to create a JWT
    • Document public API/Options
    • Document basic usage
    • Document customizing JWT payload
    • Document verifying a JWT payload
    • Document not sending a JWT
    • Document refresh tokens
    • Document expected request object (writing a custom adapter)
  • Show examples. These likely should just be guides on Medium with gists

Stretch Goals

  • Add wrapper plugins for common authentication strategies that are more feathers specific:

These should remove a bunch of the passport boilerplate around setting up middleware routes, looking up the user, verifying password, and populating the user. They should pull from the main app config object. This should make for an easier transition for people as they generally can just be a one liner. Example usage:

const auth = require('feathers-authentication');
const permissions = require('feathers-permissions');
const local = require('feathers-authentication-local');
const jwt = require('feathers-authentication-jwt');
const oauth2 = require('feathers-authentication-oauth2');
const FacebookStrategy = require('passport-facebook').Strategy;
const memory = require('feathers-memory');

app.configure(auth())
  .configure(local())
  .configure(jwt())
  .configure(oauth2({ //can provide multiple Oauth2 strategies
    facebook: { // defaults to '/auth/facebook' and '/auth/facebook/callback'
      strategy: FacebookStrategy,
      clientID: '',
      clientSecret: '',
      options: { // passport options

      }
    }
  }))
  .use('/users', memory());

app.service('users').hooks({
  before: {
    all: [
      permissions.hooks.hasPermissions(),
      permissions.hooks.isPermitted()
    ],
    find: auth.hooks.authenticate('jwt'),
    get: auth.hooks.authenticate('jwt'),
    create: auth.hooks.hashPassword(),
    patch: auth.hooks.authenticate('jwt'),
    remove: auth.hooks.authenticate('jwt'),
  }
});

Other Information

Related to feathersjs/authentication-client#7

ekryski and others added some commits Apr 14, 2016

Allow passing options when creating a JWT.
Used to customize the type of token we want to generate (ie. confirmation, password reset, etc.)
Attempt to get token right away. (#252)
* Attempt to get token right away.

This makes it so that we don’t have to wait for an async response in order to start making authenticated requests.

* Also set up localStorage.
- `auth.idField` has been removed. It is now included in all services so we can pull it internally without you needing to specify it.
- `auth.shouldSetupSuccessRoute` has been removed. Success redirect middleware is registered automatically but only triggers if you explicitly set a redirect. [See redirecting]() for more details.
- `auth.shouldSetupFailureRoute` has been removed. Failure redirect middleware is registered automatically but only triggers if you explicitly set a redirect. [See redirecting]() for more details.
- `auth.tokenEndpoint` has been removed. There isn't a token service anymore.
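
Review bot: The `[See redirecting]()` links on the `auth.shouldSetupSuccessRoute` and `auth.shouldSetupFailureRoute` lines have an empty target, so they will render as dead links in the migration guide. Point both at the redirecting section (or drop the link markup until that section exists), and consider stating on those lines which option now sets the redirect, since the text only says it must be set "explicitly".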


@marshallswain

marshallswain Nov 15, 2016

Member

We should add a note stating why there isn't a token service anymore. Something like "It has been replaced by custom routes with auth strategies."


@ekryski

ekryski Nov 15, 2016

Author Member

Sure thing. It sort of is still there though. Currently that's basically what the authentication service is. It generates and removes tokens.

- `auth.shouldSetupFailureRoute` has been removed. Failure redirect middleware is registered automatically but only triggers if you explicitly set a redirect. [See redirecting]() for more details.
- `auth.tokenEndpoint` has been removed. There isn't a token service anymore.
- `auth.localEndpoint` has been removed. There isn't a local service anymore. It is a passport plugin and has turned into `feathers-authentication-local`.
- `auth.userEndpoint` has been removed. It is now part of `feathers-authentication-local` and is `auth.local.service`.


@marshallswain

marshallswain Nov 15, 2016

Member

and is --> as


ekryski commented Nov 15, 2016

Tests aren't passing because the plugins and auth are all dependent on each other and aren't published yet. Almost done wrapping up the integration tests and I will publish a pre-release of all of them and then get the client wrapped up.

@ekryski ekryski merged commit 97f8004 into master Nov 16, 2016

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@ekryski ekryski deleted the 1.0 branch Nov 16, 2016
