JWT Payload is null after app logout #991

Closed
daffl opened this issue Sep 11, 2018 · 2 comments

Comments

@daffl (Member) commented Sep 11, 2018

From @paulrostorp on February 23, 2018 14:48

Steps to reproduce

Login => app.logout() from authentication client => Login again

Expected behavior

The returned JWT should return with a payload containing UserId.

Actual behavior

A JWT is returned but with no userId; the JWT payload is empty.

What seems to be happening is that req.params still contains the user object even after logout (this statement returns true even after logout: https://github.com/feathersjs/authentication-oauth2/blob/master/lib/verifier.js#L92), which leads to the verifier completing without returning a payload: https://github.com/feathersjs/authentication-oauth2/blob/master/lib/verifier.js#L101
A quick fix is to customize the verifier like so:

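      // Quick fix: also pass a JWT payload when an entity already exists on the request
      if (existing) {
        return this._updateEntity(existing, data)
          .then(entity => {
            const id = entity[this.service.id];
            // e.g. { userId: id } when options.entity is 'user'
            const payload = { [`${this.options.entity}Id`]: id };
            done(null, entity, payload);
          })
          .catch(error => error ? done(error) : done(null, error));
      }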

But I am not sure this is suitable because this may be a safety issue. I'm also not sure the error comes from this package. This may be a problem with feathers logout mechanism. Any guidance would be appreciated.
Note: this is definitely not an error on the client because if I restart the feathers server (after logout that is) the login works again.

System configuration

I am using the passport-facebook-token Strategy to auth with a Facebook access token obtained within my react native app.

Module versions (especially the part that's not working):
@feathersjs/feathers@3.1.2
@feathersjs/authentication@2.1.2
@feathersjs/authentication-jwt@2.0.0
@feathersjs/authentication-oauth2@1.0.3
@passport-facebook-token@3.3.0
on client:
@feathersjs/authentication-client@1.0.2
@feathersjs/client@3.3.1

Copied from original issue: feathersjs-ecosystem/authentication-oauth2#68
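
A check for the symptom reported above, as an added example that is not part of the original issue or of the Feathers code base: it decodes a token returned by a login and reports whether the entity id claim (`userId` here) is present, which makes a login, logout, login regression visible in a test. The function names and the sample tokens are constructed for illustration.

```javascript
// Added example: inspect a JWT's payload for the entity id claim.
// This only decodes the token for inspection; it does NOT verify the signature
// and must not be used to decide whether a request is authenticated.
function decodeJwtPayload(token) {
  if (typeof token !== 'string') throw new TypeError('token must be a string');
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  const json = Buffer.from(parts[1], 'base64url').toString('utf8');
  const payload = JSON.parse(json);
  if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) {
    throw new Error('JWT payload is not a JSON object');
  }
  return payload;
}

// Returns the id claim (e.g. "userId") or null when it is missing or empty.
// `entity` mirrors the `${options.entity}Id` naming used in the quick fix above.
function entityIdFromJwt(token, entity = 'user') {
  const id = decodeJwtPayload(token)[`${entity}Id`];
  return id === undefined || id === null || id === '' ? null : id;
}

// Constructed sample tokens with a fake signature, built inline so this runs offline.
function makeSampleToken(payload) {
  const enc = obj => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const firstLogin = makeSampleToken({ userId: 'constructed-id-1', iat: 1519397280 });
const secondLogin = makeSampleToken({ iat: 1519397340 }); // the symptom: no userId claim

console.log('first login  userId:', entityIdFromJwt(firstLogin));
console.log('second login userId:', entityIdFromJwt(secondLogin));
```
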

@daffl (Member, Author) commented Sep 11, 2018

From @joaovbalmeida on July 19, 2018 19:21

Same happening here with the Spotify passport strategy

@daffl (Member, Author) commented Jun 6, 2019

This should be fixed in Feathers v4 authentication. See the Migration guide for more information on how to upgrade.

@daffl daffl closed this Jun 6, 2019