-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication Tutorial always returns 401 Unauthorized after implementing local strategy #875
Comments
Interestingly, if I supplied options to the AuthService to override Passport, it always returned a 401. Example:
If I remove these options, it works as expected. |
cc @johnbiundo |
@labcorp-clinical-development Do you have a minimal reproduction of this issue? |
Hi @johnbiundo. I do in a private Gitlab repo. I'm fairly busy at the moment, but let me try to find some time this evening to get a publicly available repo to you. I'm using MongoDB + Mongoose for database connectivity and "email" for the "username" field. It seemed to be a combination of the method I was using to retrieve the user, and also changing the PassportStrategy. Given that removing the strategy makes the application work, the bug has to be related to my service method. |
@labcorp-clinical-development Sure thing. It would be great to reduce it to a minimal case. I would start by removing the dependency on MongoDB (e.g., hard code user info) to eliminate that variable and to make the repro test case simple to work with. |
@johnbiundo a failing example is here https://github.com/leosuncin/nest-auth-example but only with node.js version greater than 13.0.0, in the previous versions works well |
Let's track this here nestjs/nest#3631 |
The problem is the signature of validate method, on LocalStrategy class. Make sure it receives exactly username and password. If you replace username with email or something else it will not overload the original PassportStrategy method, returning always Unauthorized, given no clue of the error.
|
The docs do say this:
About three paragraphs above here |
Bug Report
Current behavior
Work through the steps on the Authentication tutorial until you complete the "Login Route" step.
Input Code
https://docs.nestjs.com/techniques/authentication
Expected behavior
When POSTing valid user credentials to /auth/login, the user should be returned as part of the response.
I have verified that my user's credentials are correct and that my MongoDB query works as expected when executed against the collection of User objects.
However, a 401 unauthorized is always returned.
Possible Solution
Environment
Any
The text was updated successfully, but these errors were encountered: