Closed kristianmandrup closed 7 years ago
Have you tried integrating it as an oAuth2 strategy as documented in the oAuth 2 API?
Thanks for commenting on this issue. I think I will just use a similar approach that I used for GraphCool (GraphQL server) with Auth0, using localstorage and setting Bearer JWT token in Passport somehow via passport-jwt and/or passport-auth0
working on various integrations here: easy-graphql-auth
OAuth2 strategy won't work, as Auth0 is itself a wrapper for various OAuth (and other) strategies, i.e. a "passport" in itself
Not sure how/where auth({ storage: localStorage }) fits in with the flow below?
In any case, I think this would work:
const feathers = require('feathers/client');
const rest = require('feathers-rest/client');
const superagent = require('superagent');
const hooks = require('feathers-hooks');
const localStorage = require('localstorage-memory');
const auth = require('feathers-authentication-client');

const client = feathers();

// NOTE: the order is important: auth must be configured _after_ rest/socket
client.configure(hooks())
  .configure(rest('http://localhost:3030').superagent(superagent))
  .configure(auth({ storage: localStorage }));

client.authenticate({
  strategy: 'local',
  email: 'admin@feathersjs.com',
  password: 'admin'
})
  .then(response => {
    console.log('Authenticated!', response);
    return client.passport.verifyJWT(response.accessToken);
  })
  .then(payload => {
    console.log('JWT Payload', payload);
    return client.service('users').get(payload.userId);
  })
  .then(user => {
    client.set('user', user);
    console.log('User', client.get('user'));
  })
  .catch(function(error){
    console.error('Error authenticating!', error);
  });
We pretty much just have to replace:
client.authenticate({
  strategy: 'local',
  email: 'admin@feathersjs.com',
  password: 'admin'
})
  .then(response => {
    console.log('Authenticated!', response);
    return client.passport.verifyJWT(response.accessToken);
  })
With something like:
lock
  .subscribeAuthenticated()
  .showLock(displayConfig)
  // the callback must be async because it uses await
  .onSuccess('signin', async (data) => {
    let {
      auth0Token,
      profile
    } = data
    console.log('Authenticated!', data)
    try {
      let payload = await client.passport.verifyJWT(auth0Token);
      console.log('JWT Payload', payload);
      let user = await client.service('users').get(payload.userId);
      client.set('user', user);
      console.log('User', client.get('user'));
    } catch (err) {
      // log the caught error (the original referenced an undefined `error`)
      console.error('Error authenticating!', err);
    }
  })
I haven't used Auth0 in a while. At a quick glance that looks like it would work but I don't think this is totally correct.
You also need to have your own hooks to protect endpoints using the Auth0 JWT. I'm sure it's doable but you'll need to dive into the Auth0 docs to see if they have a way of verifying their JWT on your server. I suspect it's a remote API call because you'd need to know the secret they are signing the tokens with.
Another option (probably the easiest) is to use the Auth0 OAuth2 strategy and you'll get back a Feathers JWT just like with any other OAuth provider.
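A sketch of the server-side check such a hook would perform on an externally issued JWT, as an added example that is not part of the original thread and is not Feathers or Auth0 code. It uses only Node's built-in `crypto`, pins the expected algorithm, and shows that HS256 needs the shared secret while RS256 needs only the issuer's public key; `signJWT`, `verifyJWT`, `demo` and all keys, secrets and claims are hypothetical or constructed.

```javascript
const crypto = require('crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');

// Helper that builds the constructed sample tokens (HS256 = shared secret, RS256 = RSA key pair).
function signJWT(payload, alg, key) {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(input).digest()
    : crypto.sign('RSA-SHA256', Buffer.from(input), key);
  return `${input}.${b64url(sig)}`;
}

// Verify against ONE algorithm and key chosen by server config, never by the token's own header.
function verifyJWT(token, expectedAlg, key) {
  const [h, p, s, ...rest] = token.split('.');
  if (!h || !p || !s || rest.length) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== expectedAlg) throw new Error(`unexpected alg ${header.alg}`);
  const input = Buffer.from(`${h}.${p}`);
  const sig = Buffer.from(s, 'base64url');
  let ok = false;
  if (expectedAlg === 'HS256') {
    const mac = crypto.createHmac('sha256', key).update(input).digest();
    ok = mac.length === sig.length && crypto.timingSafeEqual(mac, sig);
  } else if (expectedAlg === 'RS256') {
    ok = crypto.verify('RSA-SHA256', input, key, sig);
  } else throw new Error('unsupported alg');
  if (!ok) throw new Error('invalid signature');
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof payload.exp !== 'number' || payload.exp * 1000 <= Date.now()) {
    throw new Error('token expired or missing exp');
  }
  return payload;
}

// Constructed sample data: throwaway key pair, secret and claims.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const secret = 'constructed-client-secret';
  const claims = { sub: 'auth0|constructed-user', exp: Math.floor(Date.now() / 1000) + 60 };
  const rsToken = signJWT(claims, 'RS256', privateKey);
  const hsToken = signJWT(claims, 'HS256', secret);
  const attempt = (fn) => { try { return fn().sub; } catch (e) { return e.message; } };
  return {
    rsWithPublicKey: attempt(() => verifyJWT(rsToken, 'RS256', publicKey)),
    hsWithSecret: attempt(() => verifyJWT(hsToken, 'HS256', secret)),
    hsWithWrongSecret: attempt(() => verifyJWT(hsToken, 'HS256', 'other-secret')),
    rsCheckedAsHs: attempt(() => verifyJWT(rsToken, 'HS256', secret)),
  };
}
console.log(demo());
```

A production check would also validate the `iss` and `aud` claims against the values configured for your tenant and API.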
@kristianmandrup did you get it solved? If so, maybe you could write up a guide? 😁
The Auth0 oAuth2 strategy has been added to the generated application via https://github.com/feathersjs/generator-feathers/pull/254 so all that should be necessary now is to put in your client secret and id.
Awesome thanks! If anyone is interested, here is my attempt at writing various utils for integrating JWT/Auth0 for various use cases... (originally designed for use with GraphQL services such as GraphCool)
https://github.com/tecla5/easy-graphql-auth
Feathers App https://github.com/tecla5/easy-graphql-auth/tree/master/packages/feathers-app
Use https://github.com/tecla5/easy-graphql-auth/tree/master/packages/easy-auth0-lock to display/manage Auth0 lock login dialog
Extend f.ex AjaxAuthConnection: https://github.com/tecla5/easy-graphql-auth/tree/master/packages/http-auth-conn to integrate Auth0 service with Feathers...
Would like to have authentication-jwt support localstorage as well as "old school" cookie to store/retrieve the jwt token on the client.
localstorage support obviously needs to be on the client side
Started developing a feathers-auth0 client/server demo app using latest feathers-cli (generators) and feathers-client. Feel free to come with suggestions or help make it happen ;)
Today, there are no more examples on how to integrate auth0 with the latest version of feathersjs. Also, there is no system to record the information returned by auth0 in mongoDB for example.
Could we consider reopening the issue?
+1 for reopening
I'm getting an invalid signature error and have been struggling with it for hours. I've used the generator, checked the right signing algorithm is used, client secret is correct.
An example would help sooo much right now 😩
Trying to figure out how to combine it with passport-auth0, any help greatly appreciated!!