Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Socket connection is disconnected when jwt expired. #3508

Open
fxpoet opened this issue Jun 28, 2024 · 3 comments
Open

Socket connection is disconnected when jwt expired. #3508

fxpoet opened this issue Jun 28, 2024 · 3 comments

Comments

@fxpoet
Copy link

fxpoet commented Jun 28, 2024
edited
Loading

Steps to reproduce

  1. I did set jwt expire time very shortly for testing token refreshing. set 5seconds.
    config/default.json

  2. after 5seconds.
    feathers debug printed "Removing authentication information and expiration timer from connection"
    and then socket connection was disconnected.

  3. Normally socket.IO would try to reconnect, but no reconnection attempt was made.
    The reason seems to be a normal disconnection from the server.

  4. so when I do service('users').find (), It freezes. (because socket is disconnected)

Expected behavior

Even if the jwt expire time expires,
I expected the socket connection to remain connected and
only the authentication information to be deleted.

Actual behavior

  1. at @feathersjs/authentication/src/jwt.ts@52
    It will fire app.emit('dissconect) when jwt expire time.

  2. at @feathersjs/authentication/src/jwt.ts@64
    I will remove auth info in socket connection when app.on('disconnect')

  3. @feathersjs/socketio/src/middleware@7
    when app.on('disconnect') -> socket.disconnect()

app.emit('disconnect') is executed, the socket is actually disconnected.
I don't know if disconnecting when the jwt expires is the intended design.

I changed it to app.emit('auth-expired') instead of app.emit('disconnect'),
and changed the event name in the jwt to the corresponding event name, and it worked as I expected.

Module versions (especially the part that's not working):

5.0.25
@fxpoet fxpoet changed the title socket disconnected when jwt expired. Socket disconnected when jwt expired. Jun 28, 2024
@fxpoet fxpoet changed the title Socket disconnected when jwt expired. Socket connection is disconnected when jwt expired. Jun 28, 2024
@Meatysoda
Copy link

maybe you can emit a 'create', 'authentication' event when deadline comes?

@fxpoet
Copy link
Author

fxpoet commented Aug 10, 2024

In the case of socket connections, there are also anonymous connections that are not related to authentication. Therefore, when the jwt expires, the connection should remain intact and only the authentication information should be deleted to return to an anonymous state. However, the current implementation disconnects the connection and does not attempt to reconnect, so it causes a freeze when .find() is performed.

@fxpoet
Copy link
Author

fxpoet commented Aug 10, 2024

Currently, I have implemented it so that the JWT is refreshed when it expires.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fxpoet @Meatysoda