feathersjs-ecosystem / authentication-jwt

[MOVED] JWT authentication strategy for feathers-authentication using Passport
https://github.com/feathersjs/feathers
MIT License

"No auth token" with socketio #60

Closed carcinocron closed 6 years ago

carcinocron commented 6 years ago

I'm getting a similar issue to https://github.com/feathersjs/authentication/issues/655 except I'm not using auth0.

app.service('users').patch(userId, data);
// also trying:
app.service('users').patch(userId, data, {
  Authorization: 'Bearer sdfdsfdsfds',
});

With the following transit data in socketio

outgoing:
421["patch","users","5a9acc9562f52c32246526a5",{"username":"abcdef","profile":{"first_name":"FN","last_name":"LN"}},{}]
incoming:
431[{"name":"NotAuthenticated","message":"No auth token","code":401,"className":"not-authenticated","data":{},"errors":{}}]

In neither case do I see the accessToken in transit. Removing the hook authenticate('jwt') from the service works.

I'm thinking it's just not being sent?

daffl commented 6 years ago

Socket.io connections do not use the Authorization header. As shown in the chat guide frontend and documented here, you have to call app.authenticate() with no parameters to register an existing token (usually from localStorage) with the Socket.io connection. The manual socket authorization process is documented here.

carcinocron commented 6 years ago

I was using app.authenticate. After too many rabbit holes to remember, I eventually got the error jwt audience invalid and resolved it by updating my server-side code to:

  app.configure(jwt({
    aud: 'webapp',
  }));

and on the client:

app.configure(auth({storage, aud: 'web'}));

daffl commented 6 years ago

Hm, that is interesting. This might actually be related to https://github.com/feathersjs/authentication-client/issues/95 in that it swallows the proper error message. I'll look into it and hopefully get a fix for it soon. Thanks for the update!
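
Added example, not part of the thread and not Feathers or Passport code: a minimal HS256 verifier showing how an audience check produces the "jwt audience invalid" error quoted above, separately from a missing token or a bad signature. The helper names, the secret and the `mobile` audience are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Sign a payload as a compact HS256 JWT (helper constructed for this example).
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Verify the signature first, then the claims. Returns the payload or throws.
function verifyHS256(token, secret, audience) {
  if (typeof audience !== 'string' || !audience) throw new Error('audience required');
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('jwt malformed');
  const [head, body, sig] = parts;
  const decode = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
  let header;
  try { header = decode(head); } catch { throw new Error('jwt malformed'); }
  // Pin the algorithm; the token header must not get to choose it.
  if (header?.alg !== 'HS256') throw new Error('invalid algorithm');
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  let payload;
  try { payload = decode(body); } catch { throw new Error('jwt malformed'); }
  if (typeof payload.exp === 'number' && Date.now() / 1000 >= payload.exp) {
    throw new Error('jwt expired');
  }
  // aud may be a single string or an array of strings (RFC 7519, section 4.1.3).
  const auds = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!auds.includes(audience)) throw new Error('jwt audience invalid');
  return payload;
}

// Returns 'ok' or the verification error message.
function check(token, secret, audience) {
  try { verifyHS256(token, secret, audience); return 'ok'; } catch (e) { return e.message; }
}

// Constructed sample values; the token is issued for audience 'webapp'.
const SECRET = 'constructed-demo-secret';
const exp = Math.floor(Date.now() / 1000) + 300;
const token = signHS256({ sub: 'user-1', aud: 'webapp', exp }, SECRET);
console.log(check(token, SECRET, 'webapp')); // ok
console.log(check(token, SECRET, 'mobile')); // jwt audience invalid
```

A correctly signed, unexpired token is still rejected when the verifier expects a different audience, so this error points at the configured audience values rather than at token transport.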